OAuth2 Client Management
Production - OAuth2ClientController at /api/v1/oauth2/clients
OAuth2 clients are registered applications that can request access tokens on behalf of users or themselves. Client management endpoints allow creating, listing, and deleting OAuth2 client registrations.
6.8.1 Register Client
```bash
curl -X POST http://localhost:8081/api/v1/oauth2/clients \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <admin-token>" \
  -d '{
    "clientName": "BI Dashboard App",
    "clientType": "confidential",
    "redirectUris": ["https://bi.example.com/callback"],
    "scopes": ["openid", "profile", "dashboards:read", "queries:execute"],
    "grantTypes": ["authorization_code", "refresh_token"],
    "accessTokenValidity": 3600,
    "refreshTokenValidity": 86400
  }'
```

Response (201 Created)
```json
{
  "id": 5,
  "clientId": "matih_client_a1b2c3d4e5f6",
  "clientSecret": "secret_x9y8w7v6u5t4s3r2q1p0",
  "clientName": "BI Dashboard App",
  "clientType": "confidential",
  "redirectUris": ["https://bi.example.com/callback"],
  "scopes": ["openid", "profile", "dashboards:read", "queries:execute"],
  "grantTypes": ["authorization_code", "refresh_token"],
  "active": true,
  "createdAt": "2026-02-12T10:00:00Z"
}
```

The clientSecret is only returned at creation time and when regenerated.
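Because the secret is shown only once, the caller has to persist it at that moment and keep it out of logs. The following is an added example, not part of the service or its documentation: `capture_client_secret` and the `.secret` file layout are hypothetical, file modes assume a POSIX system, and the regenerate response is assumed to carry the same `clientId` and `clientSecret` fields as the create response.

```python
import json
import os
import tempfile

# Constructed sample: the 201 response body shown above, trimmed to the fields used here.
SAMPLE_RESPONSE = json.dumps({
    "id": 5,
    "clientId": "matih_client_a1b2c3d4e5f6",
    "clientSecret": "secret_x9y8w7v6u5t4s3r2q1p0",
    "clientName": "BI Dashboard App",
})


def capture_client_secret(response_body, secret_dir):
    """Store the one-time clientSecret in a 0600 file; return a log-safe copy."""
    client = json.loads(response_body)
    secret = client.get("clientSecret")
    if not secret:
        # List/get responses carry no secret, so there is nothing to capture.
        raise ValueError("no clientSecret in response")
    client_id = str(client.get("clientId", ""))
    # clientId becomes a file name: reject path separators and dot names.
    if client_id in ("", ".", "..") or os.path.basename(client_id) != client_id:
        raise ValueError("unexpected clientId")
    final_path = os.path.join(secret_dir, client_id + ".secret")
    # mkstemp creates the temp file with mode 0600; os.replace then swaps it
    # in atomically, which also covers overwriting after a regenerate call.
    fd, tmp_path = tempfile.mkstemp(dir=secret_dir, prefix=".tmp-")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(secret)
        os.replace(tmp_path, final_path)
    except BaseException:
        os.unlink(tmp_path)
        raise
    redacted = dict(client)
    redacted["clientSecret"] = "<redacted>"  # only this copy goes to logs
    return final_path, redacted


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        path, safe = capture_client_secret(SAMPLE_RESPONSE, d)
        print(path, json.dumps(safe))
```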
6.8.2 List Clients
```bash
curl -X GET http://localhost:8081/api/v1/oauth2/clients \
  -H "Authorization: Bearer <admin-token>"
```

Regenerate Client Secret

```bash
curl -X POST http://localhost:8081/api/v1/oauth2/clients/5/regenerate-secret \
  -H "Authorization: Bearer <admin-token>"
```

Delete Client

```bash
curl -X DELETE http://localhost:8081/api/v1/oauth2/clients/5 \
  -H "Authorization: Bearer <admin-token>"
```

Deactivates the client and revokes all its tokens.
Required Permissions
| Operation | Required |
|---|---|
| Register client | ADMIN or oauth2:clients:write |
| List clients | ADMIN or oauth2:clients:read |
| Get client | ADMIN or oauth2:clients:read |
| Regenerate secret | ADMIN or oauth2:clients:write |
| Delete client | ADMIN or oauth2:clients:delete |