Add a provider and configure the authorization provider metadata information for webMethods API Gateway to communicate with the provider during dynamic client registration only.
Before you begin
You must have the Manage security configurations functional privilege assigned to add a provider.
About this task
The OAuth 2.0 configuration in webMethods API Gateway is split into two sections - Providers and Authorization servers.
You have to add a provider and configure the authorization provider metadata information in this section for webMethods API Gateway to communicate with this provider during dynamic client registration only.
If the provider deviates from the OAuth specification in any way, the provider has to be configured for those deviations.
Procedure
- Open the menu options and select Administration.
- Select .
- Click Add provider and provide the following information:

Field: Name
Description: Name of a third-party provider. For example, Amazon. You can also use one of the following pre-configured third-party providers that are shipped with the webMethods API Gateway installation:

Client metadata field mapping. Specifies how the client metadata attribute names of the dynamic client registration specification map to the attribute names used by the provider's client implementation. The Client metadata field mapping fields are required when you are adding a third-party provider that is not shipped with webMethods API Gateway.

Field: Specification name
Description: The client metadata attributes in accordance with the dynamic client registration specification as defined in RFC 7591. The available values are as follows.
- redirect_uris. Redirection URL to which the authorization server redirects the authorization code once the end user approves the authorization request.
  Note: If you do not specify this attribute, webMethods API Gateway automatically generates the URL.
- token_endpoint_auth_method. The client authentication method at the token endpoint.
- grant_types. The grant types of the authorization flows used to obtain authorization codes, ID tokens, and refresh tokens.
- application_type
- response_types. The type of response that the client application uses at the authorization endpoint.
- client_name. Name of the client that represents the client application to the end user during authorization.
- client_uri. URL of the client application.
- logo_uri. URL of an image that represents the client application to the end user during authorization.
  Note: The logo_uri is currently not supported in API Gateway.
- scope. List of user-authorized scopes that the client uses when requesting access tokens.
  Note: If you do not specify this attribute, the authorization server registers the client with a default set of scopes.
- contacts. The means (for example, an email address) by which end users can contact the client for support requests.
- tos_uri. URL of the terms-of-service document for the client, which describes a contractual relationship between the end user and the client that the end user accepts when authorizing the client.
  Note: The tos_uri is currently not supported in API Gateway.
- jwks_uri. URL of the JSON Web Key (JWK) Set document containing the client's public keys.
  Note: The jwks_uri is currently not supported in API Gateway.
- client_id. Identifier that is unique to the client application.
- client_secret. The password or phrase that the client application uses to authorize communication with the end user.

Field: Implementation name
Description: The client metadata attributes that are used by the authorization server but do not follow the naming of the dynamic client registration specification. Examples:
- For the redirect_uris field, provide the value redirectUris.
- For the grant_types field, provide the value grantTypes.
- For the client_name field, provide the value name.
- For the logo_uri field, provide the value logoUrl.
- For the client_id field, provide the value clientId.
- For the client_secret field, provide the value secret.

Extended request parameters. Specifies additional client metadata attributes that are specific to the authorization server and are not specified in the dynamic client registration specification. For example, in PingFederate: `forceSecretChange = true`

Field: Type
Description: Specifies the client metadata attribute type. The available values are: Client read, Client registration, Client update, Client delete.

Field: Key
Description: The client metadata attribute key that is specific to the authorization server.

Field: Value
Description: A value for the client metadata attribute key. When sending requests to the authorization server, this value is appended to all requests of the selected type. You can add multiple request parameters by clicking + Add.

Application profile. Specifies the application profile that is specific to the authorization server.

Field: Type
Description: Specifies a custom application type other than web and native. By default, the web and native application types are added. You can add multiple application types by clicking + Add. You can also modify or delete an added application type by clicking the respective Edit or Delete icon.
- Click Save. The provider is added and displayed in the list of providers.
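The following Python script is an added example that models what the Client metadata field mapping and Extended request parameters sections configure; it is not webMethods API Gateway code. It renames RFC 7591 attributes to the provider's implementation names (using the redirectUris, grantTypes, name, logoUrl, clientId and secret examples from the table), drops the attributes the table marks as unsupported (an assumption about how that note is honoured), fills in a generated redirect URL when redirect_uris is absent, and appends the extended request parameters configured for the request type. The PingFederate parameter forceSecretChange = true and the sample client metadata are constructed from the table's examples.

```python
"""Model of the client metadata field mapping and extended request
parameters described above. Added example, not webMethods API Gateway
code; the mapping, extended parameters and sample metadata are constructed."""
import json

# Client metadata attribute names from RFC 7591 that the Specification name list offers.
SPECIFICATION_NAMES = {
    "redirect_uris", "token_endpoint_auth_method", "grant_types",
    "application_type", "response_types", "client_name", "client_uri",
    "logo_uri", "scope", "contacts", "tos_uri", "jwks_uri",
    "client_id", "client_secret",
}

# Attributes the table marks as currently not supported. Assumption: an
# unsupported attribute is left out of the request instead of being sent.
UNSUPPORTED = {"logo_uri", "tos_uri", "jwks_uri"}

# Request types from the Type field of Extended request parameters.
REQUEST_TYPES = ("Client read", "Client registration", "Client update", "Client delete")

# Implementation name mapping for a constructed provider, using the
# examples the table gives (redirect_uris -> redirectUris, and so on).
IMPLEMENTATION_NAMES = {
    "redirect_uris": "redirectUris",
    "grant_types": "grantTypes",
    "client_name": "name",
    "logo_uri": "logoUrl",
    "client_id": "clientId",
    "client_secret": "secret",
}

# Extended request parameters keyed by request type (constructed; mirrors
# the PingFederate example forceSecretChange = true on registration only).
EXTENDED_PARAMETERS = {
    "Client registration": {"forceSecretChange": "true"},
}


def map_client_metadata(spec_metadata, implementation_names, generated_redirect_uri):
    """Rename RFC 7591 attributes to the provider's implementation names.

    Attributes without a mapping keep their specification name, unsupported
    attributes are dropped, and a missing redirect_uris is filled with the
    URL the gateway generates (here a constructed value passed by the caller).
    """
    body = {}
    for spec_name, value in spec_metadata.items():
        if spec_name not in SPECIFICATION_NAMES:
            raise ValueError(f"not an RFC 7591 client metadata attribute: {spec_name}")
        if spec_name in UNSUPPORTED:
            continue
        body[implementation_names.get(spec_name, spec_name)] = value
    redirect_key = implementation_names.get("redirect_uris", "redirect_uris")
    body.setdefault(redirect_key, [generated_redirect_uri])
    return body


def build_provider_request(request_type, spec_metadata, implementation_names,
                           extended_parameters, generated_redirect_uri):
    """Build the body sent to the provider for one request type: the mapped
    metadata plus the extended parameters configured for that type."""
    if request_type not in REQUEST_TYPES:
        raise ValueError(f"unknown request type: {request_type}")
    body = map_client_metadata(spec_metadata, implementation_names, generated_redirect_uri)
    for key, value in extended_parameters.get(request_type, {}).items():
        # A provider-specific key must not silently overwrite a mapped attribute.
        if key in body:
            raise ValueError(f"extended parameter {key} collides with a mapped attribute")
        body[key] = value
    return body


if __name__ == "__main__":
    # Constructed registration metadata for a client, in RFC 7591 terms.
    sample = {
        "client_name": "Sample app",
        "grant_types": ["authorization_code"],
        "scope": "read",
        "logo_uri": "https://example.com/logo.png",
    }
    print(json.dumps(build_provider_request(
        "Client registration", sample, IMPLEMENTATION_NAMES,
        EXTENDED_PARAMETERS, "https://gateway.example/callback"), indent=2))
```

Running the script prints the registration body with the provider's names (name, grantTypes, redirectUris) and the appended forceSecretChange parameter; the logo_uri is absent because the table marks it unsupported, and a Client read request for the same provider gets no extended parameter because none is configured for that type.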