Skip to main content
PUT
/
api
/
adm
/
identityServerClients
/
{id}
Update IdentityServer Client
curl --request PUT \
  --url https://localhost:44371/api/adm/identityServerClients/{id} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "id": "<string>",
  "isActive": true,
  "description": "<string>"
}
'
{
  "success": true,
  "code": 200,
  "errorMessage": null
}

Description

Updates an existing IdentityServer4 client configuration. Common use cases include rotating client secrets, adding/removing allowed scopes, updating redirect URIs, adjusting token lifetimes, or enabling/disabling clients.

Input

  • Path Parameter: id (guid, required) — Unique identifier of the client to update.
  • Body: model (IdentityServerClientUpdateCommandRequest, required) — Updated configuration including:
    • id (guid, required) — Client identifier (must match path parameter).
    • clientName (string, optional) — Updated display name.
    • clientSecrets (string[], optional) — Updated client secrets.
    • allowedScopes (string[], optional) — Updated permitted scopes.
    • redirectUris (string[], optional) — Updated redirect URIs.
    • enabled (bool, optional) — Enable or disable client.

Output

Returns a IdentityServerClientUpdateCommandResponse indicating update success.

Example Request

PUT /api/admin/identityServerClients/7bc94a21-8833-4d2f-a5e1-9f4b2d8c1e7a
Content-Type: application/json
Authorization: Bearer {token}

{
  "id": "7bc94a21-8833-4d2f-a5e1-9f4b2d8c1e7a",
  "clientName": "Updated Payment API Client",
  "allowedScopes": ["Payment", "openid"],
  "enabled": true
}

Example Response

{
  "success": true,
  "code": 200,
  "errorMessage": null
}

Errors

  • 400 Bad Request — Missing required fields, validation errors, or invalid configuration conflicting with OAuth/OIDC standards.
  • 404 Not Found — No client exists with the specified ID.
  • 401 Unauthorized — Missing or invalid authentication token.

Notes

  • Changing client secrets will invalidate existing tokens issued with the old secret.
  • Modifying allowed scopes may affect existing client applications.
  • Updates to redirect URIs require redeployment of client applications.
  • Disabling a client prevents it from obtaining new tokens.
  • Configuration changes may require IdentityServer cache refresh.

Authorizations

Authorization
string
header
required

The access token received from the authorization server in the OAuth 2.0 flow.

Path Parameters

id
string<guid>
required

The unique identifier of the client to update.

Body

application/json

The updated client configuration details.

Represents the payload used to update an identity server client.

id
string<guid>

The identifier of the client being updated.

isActive
boolean

Indicates whether the client is active.

description
string | null

The description of the client.

Response

Returns success when the client is updated successfully.

Standard response structure containing operation status and error information. Standard command response indicating the result of a data modification. Represents the response returned after updating an identity server client.

success
boolean

True if the operation completed successfully; false if an error occurred.

Example:

true

code
enum<string>

Result code indicating the outcome of the operation.

Available options:
Unknown,
Success,
BadRequest,
Unauthorized,
NotFound,
Error
Example:

200

errorMessage
string | null

Human-readable error message when an error occurs.

Example:

null