Get OAuth Client Details

Retrieve detailed information about a specific OAuth client.

Returns:
- Client configuration
- Allowed grant types and scopes
- Redirect URIs
- Usage statistics
- Last access time

Note: Client secret is never returned in responses.

Authentication

Authorization Bearer

Bearer token authentication using JWT tokens from Ory Kratos/Hydra

Path parameters

oauth_client_id string Required format: "uuid"
org_id string Required format: "uuid"
project_id string Required format: "uuid"

Response

OAuth client details
id string format: "uuid"
Unique identifier for the OAuth client.
name string
Human-readable name for the OAuth client.
client_id string format: "uuid"
Unique identifier used to identify the client with the authorization server.
project_id string format: "uuid"
ID of the project this OAuth client belongs to.
created string
Timestamp when the OAuth client was created.
modified string
Timestamp when the OAuth client was last modified.
description string or null
Optional description explaining the client's purpose and usage.
redirect_uris list of strings or null
List of authorized redirect URIs for OAuth flows requiring user interaction. Required for authorization code and implicit flows. Must be exact matches when used. Must use HTTPS in production (except for localhost).
grant_types list of enums or null
OAuth 2.0 grant types enabled for this client.
- client_credentials: For server-to-server API access
- authorization_code: For web and mobile apps
- refresh_token: For maintaining long-term access
- implicit: Legacy flow, not recommended for new applications
Allowed values:
client_secret string or null
Secret key used to authenticate the client. Only shown once upon creation. Must be stored securely. Required for confidential clients (e.g., server applications).
token_endpoint_auth_method enum or null Defaults to client_secret_basic
Authentication method enabled for the client:
- client_secret_basic: Client ID and secret sent in HTTP headers
- client_secret_post: Client ID and secret sent in request body
- none: No client authentication (required for public clients using PKCE)
Allowed values:
pkce_required boolean or null Defaults to false
Whether PKCE (Proof Key for Code Exchange) is required for this client. When enabled, authorization code flows must include code_challenge and code_verifier. Recommended for public clients (mobile apps, SPAs) and enhances security for all clients.
pkce_challenge_method enum or null
PKCE code challenge method when PKCE is enabled.
- S256: SHA256 hash of code verifier (recommended and secure)
- plain: Plain text code verifier (not recommended, only for testing)
Allowed values:
deleted string or null
Timestamp when the OAuth client was deleted, if applicable.
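
The response fields above are enough to review a client's configuration against the recommendations this page states. The following is an added example, not part of the API or its SDK: audit_oauth_client is a hypothetical helper, and the sample response body is constructed.

```python
from urllib.parse import urlsplit

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def audit_oauth_client(client):
    """Return a list of findings for one client-details response body."""
    findings = []
    grants = client.get("grant_types") or []
    # Documented defaults: client_secret_basic and pkce_required=false.
    auth_method = client.get("token_endpoint_auth_method") or "client_secret_basic"
    pkce_required = bool(client.get("pkce_required"))

    if "implicit" in grants:
        findings.append("implicit grant enabled (legacy flow)")
    if "authorization_code" in grants:
        if auth_method == "none" and not pkce_required:
            findings.append("public client (auth method none) without pkce_required")
        if client.get("pkce_challenge_method") == "plain":
            findings.append("pkce_challenge_method is plain, not S256")
    for uri in client.get("redirect_uris") or []:
        parts = urlsplit(uri)
        # HTTPS is required except for localhost redirect targets.
        if parts.scheme != "https" and parts.hostname not in LOCAL_HOSTS:
            findings.append("non-HTTPS redirect URI: " + uri)
    # This endpoint is documented never to return the secret.
    if client.get("client_secret"):
        findings.append("client_secret present in a read response")
    return findings

# Constructed sample response body; all values are made up for illustration.
SAMPLE_CLIENT = {
    "id": "00000000-0000-0000-0000-000000000001",
    "name": "example-spa",
    "redirect_uris": [
        "https://app.example.com/callback",
        "http://localhost:3000/callback",
        "http://app.example.com/callback",
    ],
    "grant_types": ["authorization_code", "implicit"],
    "client_secret": None,
    "token_endpoint_auth_method": "none",
    "pkce_required": False,
    "pkce_challenge_method": None,
}

if __name__ == "__main__":
    for finding in audit_oauth_client(SAMPLE_CLIENT):
        print(finding)
```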

Errors