name

string

The name of the 0Auth app

callbacks

string[]

An array of strings.

The strings provided must be valid URLs

grantTypes

string[]

• *authorization_code** - This grant type is required for authorization flows and requires the code response type to be present.
• *refresh_token** - This grant type is required to permit the use of refresh tokens.
• *client_credentials** - This grant type is used to permit resource own flow where the client authenticates as the owner of resources (IE games).
• *urn:ietf:params:oauth:grant-type:device_code** - This grant type is used for clients to use the device token flow to authenticate users. This grant type is only permitted for public clients as tokenEndpointAuthMethod should be set to none. RFC 8628: OAuth 2.0 Device Authorization Grant

clientType

string

Private clients require that both client and client id are provided to exchange an access token.

When the responseType is set to private the token_endpoint_auth_method is set client_secret_post - Provide client credentials in the client post body.

When the response type is set to "public" the token_endpoint_auth_method none - Register the client as a public client which cannot use client secret. (required for PKCE, device token flows)

authMethod

string

String indicator of the requested authentication method for the token endpoint. Values defined by this specification are:

https://datatracker.ietf.org/doc/html/rfc7591#section-2

` * "none": The client is a public client as defined in OAuth 2.0,
Section 2.1, and does not have a client secret.

• "client_secret_post": The client uses the HTTP POST parameters
  as defined in OAuth 2.0, Section 2.3.1.

• "client_secret_basic": The client uses HTTP Basic as defined in
  OAuth 2.0, Section 2.3.1.`