List OAuth Clients

Retrieve a paginated list of all OAuth clients in the project.

OAuth clients enable secure API access through different grant types:

Grant Types:

1. Client Credentials

   • For server-to-server API access
   • No user interaction required
   • No redirect URIs needed
   • Returns access token directly
   • Best for automated processes and service accounts

2. Authorization Code

   • For user-based access to the API
   • Requires redirect URIs for OAuth flow
   • Most secure for web applications
   • Flow:
     1. User is redirected to authorization server
     2. After consent, redirects back to your app with auth code
     3. Your app exchanges code for tokens
   • Required for web applications accessing user data

3. Refresh Token

   • Enables long-term API access
   • Used with authorization code flow
   • Allows getting new access tokens without user interaction
   • No redirect URIs needed for refresh flow itself
   • Best for maintaining persistent access

4. Implicit (Legacy)

   • For browser-based applications
   • Requires redirect URIs
   • Returns token in URL fragment
   • Less secure than authorization code
   • Not recommended for new applications

Redirect URIs:

• Required for authorization code and implicit flows
• Must be exact match when used
• Common formats:
  • Web apps: https://app.example.com/oauth/callback
  • Local development: http://localhost:3000/callback
  • Mobile apps: myapp://oauth/callback
• Security requirements:
  • Must use HTTPS in production
  • Cannot contain fragments (#)
  • Should be specific paths, not generic domains
  • Maximum length: 2048 characters

Each client in the list includes:

• Unique client ID
• Name and description
• Configured redirect URIs
• Supported grant types
• Creation and modification timestamps