Skip to content

OAuthRegistrationRequest

OAuthRegistrationRequest = object & { [K in `${LocalizableKeys}#${string}`]?: string }

Defined in: src/oauth/register.ts:25

Request body for dynamic registration as defined by https://spec.matrix.org/v1.18/client-server-api/#client-registration

optional application_type?: "web" | "native"

Kind of the application.

The hub MUST support the web and native values to be able to perform redirect URI validation.

Defaults to web if omitted.

optional client_name?: string

Human-readable name of the client to be presented to the user.

This field can be localized by specifying client_name#$lang.

client_uri: string

A URL to a valid web page that SHOULD give the user more information about the client.

This URL MUST use the https scheme and SHOULD NOT require authentication to access. It MUST NOT use a user or password in the authority component of the URI.

The server MAY reject client registrations if this field is invalid or missing.

This URI is a common base for all the other URIs in the metadata: those MUST be either on the same host or on a subdomain of the host of the client_uri. The port number, path and query components MAY be different.

For example, if the client_uri is https://example.com/, then one of the redirect_uris can be https://example.com/callback or https://app.example.com/callback, but not https://app.com/callback.

This field can be localized by specifying client_uri#$lang.

optional grant_types?: NonEmptyArray<string>

Array of the OAuth 2.0 grant types that the client may use.

This MUST include:

the authorization_code value to use the authorization code grant, the refresh_token value to use the refresh token grant.

optional logo_uri?: string

URL that references a logo for the client.

This URL MUST use the https scheme.

This field can be localized by specifying logo_uri#$lang.

optional policy_uri?: string

URL that points to a human-readable policy document for the client.

This URL MUST use the https scheme and SHOULD NOT require authentication to access. It MUST NOT use a user or password in the authority component of the URI.

This field can be localized by specifying policy_uri#$lang.

optional redirect_uris?: NonEmptyArray<string>

Array of redirection URIs for use in redirect-based flows.

At least one URI is required to use the authorization code grant.

optional response_types?: NonEmptyArray<string>

Array of the OAuth 2.0 response types that the client may use.

This MUST include the code value to use the authorization code grant.

optional token_endpoint_auth_method?: string

String indicator of the requested authentication method for the token endpoint.

optional tos_uri?: string

URL that points to a human-readable terms of service document for the client.

This URL MUST use the https scheme and SHOULD NOT require authentication to access. It MUST NOT use a user or password in the authority component of the URI.

This field can be localized by specifying tos_uri#$lang.