Client application settings (retired)

HxGN SDx Modified and Retired Functionality

SmartPlant Foundation / SDx Version: 10

SmartPlant Markup Plus Version: 10.0 (2019)

This functionality was removed in Update 23.

When you register a new application in Authorization Server, the client application settings are stored in the Security.sdf file. This file is located in the Web_Sites\[Site name]\SPFConfigService\SPFAuthentication\App_Data folder.

If you export a site's configuration and then import it to a different HxGN SDx installation, the Security.sdf file must be copied to the corresponding folder in the new site.

The full list of available client application settings is:

Enabled - Indicates if the client is enabled. The default is True.

Client ID - The unique ID of the client. This is automatically generated by the software but can be changed to a more memorable unique identifier if required.

Client Name - The client display name used for logging in and other consent windows.

Client URI - The client URI providing information about the client. Used on the consent screen, if web-based.

Logo URI - The URI for the client logo, if web-based.

Require Consent - Indicates if a consent screen is required. The default is True.

Allow Remember Consent - Indicates if the user can choose to store consent decisions. The default is True.

Flow - The type of flow used by API Services for the client. The default is Implicit, which is when all tokens are returned from the Authorization Endpoint and neither the Token Endpoint nor an Authorization Code are used.

Allow Client Credentials Only - Indicates if only the client is allowed to request tokens using additional client credentials. This is not used by API Services, so it must be left at the default setting of False.

Identity Token Lifetime - The lifetime of an identity token, in seconds. The default is 300 (5 minutes).

Access Token Lifetime - The amount of time in which a token can be used without renewal, in seconds. The renewal is automatic in Web Client. The default is 3600 (1 hour).

Authorization Code Lifetime - The lifetime of authorization codes, in seconds. The default is 300 (5 minutes).

Absolute Refresh Token Lifetime - The maximum lifetime of a refresh token, in seconds. The default is 2592000 (30 days).

Sliding Refresh Token Lifetime - The sliding lifetime of a refresh token, in seconds. The default is 1296000 (15 days).

Refresh Token Usage - The settings available are:

  • ReUse - The refresh token handle stays the same when refreshing tokens.

  • OneTimeOnly - The refresh token handle is updated when refreshing tokens. This is the default.

Update Access Token Claims On Refresh - Indicates if the access token claims are updated on refresh. The default is False.

Refresh Token Expiration - The settings available are:

  • Absolute - The refresh token expires at a fixed point in time, as specified by the Absolute Refresh Token Lifetime setting. This is the default.

  • Sliding - When refreshing the token, the lifetime of the refresh token is renewed by the amount specified in the Sliding Refresh Token Lifetime setting.
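
The following added example (not Hexagon code and not part of the original reference) models how the Absolute and Sliding expiration modes decide whether a refresh attempt is accepted, using the default lifetimes listed above. It assumes that in Sliding mode the renewed lifetime never extends past the Absolute Refresh Token Lifetime, which this page describes as the maximum lifetime; the function name and its parameters are hypothetical.

```python
# Added example: a model of the documented refresh-token settings.
# Not Hexagon code; function and parameter names are hypothetical.
DAY = 86400
ABSOLUTE_LIFETIME = 2592000  # Absolute Refresh Token Lifetime default (30 days)
SLIDING_LIFETIME = 1296000   # Sliding Refresh Token Lifetime default (15 days)


def refresh_outcomes(expiration, refresh_times,
                     absolute=ABSOLUTE_LIFETIME, sliding=SLIDING_LIFETIME):
    """Simulate refresh attempts against one refresh token.

    expiration    -- "Absolute" or "Sliding" (Refresh Token Expiration setting)
    refresh_times -- seconds after the token was issued at which the client
                     tries to refresh
    Returns (results, expires_at): results[i] is True when attempt i is
    accepted; expires_at is the final expiry in seconds after issue.
    """
    if expiration == "Absolute":
        expires_at = absolute
    elif expiration == "Sliding":
        # Assumption: the sliding window is capped by the absolute maximum.
        expires_at = min(sliding, absolute)
    else:
        raise ValueError("expiration must be 'Absolute' or 'Sliding'")

    results = []
    for t in sorted(refresh_times):
        accepted = t < expires_at
        results.append(accepted)
        if accepted and expiration == "Sliding":
            # Each successful refresh renews the lifetime by the sliding
            # amount, but never beyond the absolute maximum.
            expires_at = min(t + sliding, absolute)
    return results, expires_at


if __name__ == "__main__":
    # Constructed sample schedules (days after issue), not real log data.
    active = [10 * DAY, 20 * DAY, 29 * DAY, 31 * DAY]
    idle = [16 * DAY]
    for mode, times in (("Absolute", active), ("Sliding", active),
                        ("Sliding", idle)):
        results, expiry = refresh_outcomes(mode, times)
        print(mode, [t // DAY for t in times], results, expiry // DAY)
```

With the defaults, a client that stays idle for more than 15 days loses its refresh token in Sliding mode, while an active client in either mode must re-authenticate after 30 days.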

Access Token Type - Indicates if the access token is a reference token or the self-contained JWT token, which is the default.

Enable Local Login - Indicates if the client can use local accounts or only use external Identity Providers (IdPs). The default is True.

Include JWT ID - Specifies whether the JWT access tokens have an embedded unique ID through the jti (JWT ID) claim.

Always Send Client Claims - Indicates if the client claims are sent using every flow. The default is False, as client claims are sent using the implicit flow only.

Prefix Client Claims - Indicates if all client claims are prefixed with client_, which ensures they cannot be accidentally confused with user claims. The default is False.

Secrets - A new secret relevant for the implicit flow that requires one. The ClientSecretType may have any value, such as the password or a unique identifier or GUID.

Redirect URIs - URIs that are allowed to receive authorization codes or access tokens.

Post-Logout Redirect URIs - URIs to which redirection is allowed after logout.

Claims - A claim for the client information included in the access token.

Scope Restrictions - A scope that the client is allowed to request. If the default list is left empty, the client can request all scopes.

Audience Restrictions - An audience that the client is allowed to request. If the default list is empty, the client can request all audiences.

Custom Grant Type Restrictions - A custom grant type allowed when Flow is set to Custom. If the default list is empty, all custom grant types are allowed.

Identity Provider Restrictions - An external Identity Provider (IdP) that can be used with this client. If the default list is empty, all IdPs are allowed.