Client Info Endpoint

The client info endpoint returns information about your client's configuration in HelseID, such as its scopes, redirect URIs and the expiration dates of its secrets.

How to access the endpoint

The client info endpoint is available via /connect/clientinfo relative to the base address, e.g.:

https://helseid-sts.utvikling.nhn.no/connect/clientinfo

Requirements

  • Scope: helseid://scopes/client/info

  • Valid access token issued by HelseID

Once the client signs in with HelseID with the required scope, a valid access token will be issued and the client info endpoint can be reached.

Example

POST /connect/clientinfo HTTP/1.1
Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkIyME...
User-Agent: PostmanRuntime/7.28.4
Accept: */*
Postman-Token: 0bdaadc8-98fb-436d-a15e-c01346c9d878
Host: localhost:44366
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

Return values

ClientId : unique ID of the client.

ClientName : client display name.

Created : when the client was created, given in UnixTimeSeconds.

Updated : when the client was last updated, given in UnixTimeSeconds.

RequirePkce : whether or not Proof Key for Code Exchange (PKCE) is required.

AllowedGrantTypes : the grant types the client is allowed to use.

Available grant types are authorization_code, client_credentials and token_exchange.

AllowedScopes : the scopes the client is allowed to use.

AllowedIdentityProviders : the identity providers allowed to be used.

RedirectUris : URIs where tokens or authorization codes can be returned to. 

PostLogoutRedirectUris : allowed URIs to redirect to after logout.

AccessTokenLifetime : lifetime of access token, given in seconds.

RefreshTokenLifetime : lifetime of refresh token, given in seconds.

RefreshTokenUsageType : whether the refresh token can be reused multiple times (Reusable) or used only once (OneTimeUseOnly).

SingleSignOnLifetime : the maximum duration since the last time the user was authenticated, given in seconds.

ClientSecrets : list of secrets registered for the client. Each secret has:

  • Type : secret type. Available secret types are Public RSA Key (PublicKey:RSA:XML), Public JWK Key (PublicKey:JWK), Enterprise Certificate (EnterpriceCertificate:OrgNo) and Shared Secret (SharedSecret).

  • Description : description of secret.

  • Expires : when the secret expires.

AllowedOrgNumbers : the organization numbers and model type that are configured for the client.

  • Type : model type that specifies whether the client is allowed to have one parent with multiple children (OneParentWithMultipleChildren) or multiple parents with no children (MultipleParentsWithNoChildren).

  • ParentOrgNumber(s) : organization number(s) of the parent organization(s) registered for the client.

  • ChildOrgNumber(s) : child organization(s) registered for the given parent organization. This is only applicable if the Type is set to OneParentWithMultipleChildren.

AllClaims : claims registered for the client.

  • Type : claim type.

  • Value : claim value.
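
Added example (not HelseID's own code): a Python check that fetches the client info and flags settings worth reviewing, using the return values listed above. It assumes the endpoint returns a JSON object whose property names match those return values and that Expires is given in Unix seconds like Created and Updated; the function names, the 30-day threshold and the sample response are constructed for illustration.

```python
import json
import time
import urllib.request
from urllib.parse import urlsplit

URL = "https://helseid-sts.utvikling.nhn.no/connect/clientinfo"  # from the page

def fetch_client_info(token, url=URL):
    """POST with a bearer token, as in the page's request; assumes a JSON body."""
    req = urllib.request.Request(url, data=b"", method="POST", headers={
        "Authorization": f"Bearer {token}", "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def audit_client_info(info, now=None, warn_days=30):
    """Return review findings for one client info response."""
    now = time.time() if now is None else now
    findings = []
    if "authorization_code" in info.get("AllowedGrantTypes", []) and not info.get("RequirePkce"):
        findings.append("authorization_code allowed without RequirePkce")
    if info.get("RefreshTokenUsageType") == "Reusable":
        findings.append("refresh tokens are Reusable, not OneTimeUseOnly")
    for uri in info.get("RedirectUris", []):
        parts = urlsplit(uri)
        if parts.scheme == "http" and parts.hostname not in ("localhost", "127.0.0.1"):
            findings.append(f"non-HTTPS redirect URI: {uri}")
    for secret in info.get("ClientSecrets", []):
        label = secret.get("Description") or secret.get("Type")
        expires = secret.get("Expires")  # assumed Unix seconds; may be absent
        if expires is None:
            continue
        days_left = (expires - now) / 86400
        if days_left < 0:
            findings.append(f"secret expired: {label}")
        elif days_left <= warn_days:
            findings.append(f"secret expires in {int(days_left)} days: {label}")
    return findings

NOW = 1_700_000_000  # fixed clock for the constructed sample
SAMPLE = {  # constructed response, not real HelseID output
    "ClientId": "example-client", "RequirePkce": False,
    "AllowedGrantTypes": ["authorization_code"],
    "RefreshTokenUsageType": "Reusable",
    "RedirectUris": ["https://app.example.test/cb", "http://app.example.test/cb",
                     "http://localhost:5000/cb"],
    "ClientSecrets": [
        {"Type": "PublicKey:JWK", "Description": "old key", "Expires": NOW - 86400},
        {"Type": "PublicKey:JWK", "Description": "current key", "Expires": NOW + 10 * 86400},
        {"Type": "PublicKey:JWK", "Description": "next key", "Expires": NOW + 400 * 86400}]}
```

Calling audit_client_info(SAMPLE, now=NOW) returns the findings for the constructed sample; in real use, pass it the result of fetch_client_info with an access token that carries the helseid://scopes/client/info scope.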