OIDC Dynamic Clients- Custom Identifiers

You can customize the value of the client_id, client_secret and registration_access_token issued to the application.

There is an example of this in the out-of-the-box PreToken mapping rule. Look for the variable custom_client_id_secret.

If a custom client_secret is set then it is issued, regardless of whether it is enabled in the definition configuration and whether or not the request is made by an authenticated party

To customize the registration_access_token, see Customizing OAuth tokens by updating the sample PreTokenGeneration mapping rule.

API Protection clients now have a dynamic data field when they are configured. This allows storage of arbitrary data against the client which can be accessed at runtime (For example, from the consent page and in mapping rules).