Credential Settings

Credential settings in Login 3.0 define how your application authenticates with the authorization server. These settings are configured and managed by the UPBOND team. Applications can use various authentication methods depending on their type and security requirements.


Authentication Methods

Login 3.0 supports the following authentication methods for applications:

  • Private Key JWT:

    An asymmetric authentication method for confidential applications.

    • You generate a pair of keys (public and private).

    • The public key is shared with the UPBOND team, while the private key remains securely stored in your system.

    • The private key is used to sign requests sent to the authorization server.

  • Client Secret:

    A symmetric authentication method.

    • The UPBOND team provides a Client Secret when registering your application.

    • Use this secret to authenticate your application.

  • Client Secret (Basic):

    Uses the HTTP BASIC authentication scheme to send the Client Secret. Suitable for confidential applications.

  • Client Secret (Post):

    Sends the Client Secret in the request body parameters for authentication.

For guidance on choosing the appropriate method, consult the UPBOND team.
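The difference between Client Secret (Basic) and Client Secret (Post) is where the secret travels in the request. The following is an added example, not UPBOND code: it assumes Login 3.0 follows the OAuth 2.0 conventions of RFC 6749 section 2.3.1 (parameter names `client_id`, `client_secret`, `grant_type`), and the client ID and secret are constructed sample values.

```python
import base64
from urllib.parse import quote_plus, unquote_plus, urlencode

# Constructed sample values; the grant type and parameter names are
# assumptions taken from RFC 6749, not Login 3.0 specifics.
CLIENT_ID = "my-app"
CLIENT_SECRET = "s3cr:et+with/odd%chars"


def basic_request(client_id, secret, params):
    """Client Secret (Basic): credentials travel in the Authorization header."""
    # RFC 6749 section 2.3.1: form-urlencode each part before joining with ':'
    # so a ':' or '%' inside the secret cannot corrupt the header.
    userpass = f"{quote_plus(client_id)}:{quote_plus(secret)}"
    token = base64.b64encode(userpass.encode("utf-8")).decode("ascii")
    headers = {
        "Authorization": f"Basic {token}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return headers, urlencode(params)


def post_request(client_id, secret, params):
    """Client Secret (Post): credentials travel in the form-encoded body."""
    body = dict(params, client_id=client_id, client_secret=secret)
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return headers, urlencode(body)


def decode_basic(header_value):
    """Server-side view: recover (client_id, secret) from a Basic header."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    raw = base64.b64decode(token, validate=True).decode("utf-8")
    cid, sep, sec = raw.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return unquote_plus(cid), unquote_plus(sec)


if __name__ == "__main__":
    grant = {"grant_type": "client_credentials"}
    for build in (basic_request, post_request):
        headers, body = build(CLIENT_ID, CLIENT_SECRET, grant)
        print(build.__name__, headers, body, sep="\n  ")
```

In both variants the secret stays out of the URL, so it does not end up in query-string logs.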


Available Credentials

Applications can have up to two active credentials for flexibility during key rotations or updates. Credentials are managed by the UPBOND team, and the following details are maintained:

  • Name:

    A descriptive name for the credential.

  • Key ID:

    A unique identifier generated by Login 3.0. Credentials with the same Key ID cannot be reused.

  • Algorithm:

    The signing algorithm for the credential. Supported algorithms include:

    • RS256

    • PS256

    • RS384

  • Expires At:

    The date and time when the credential becomes invalid. Expired credentials are inoperable but are not automatically deleted.

If you need new credentials or updates, contact the UPBOND team.


Credential Management

Add New Credential

To add a new credential, provide the following details to the UPBOND team:

  • Desired algorithm (e.g., RS256).

  • Expiry date, if required.

The team will generate and configure the credential for your application.

Enable, Disable, or Delete Credentials

Ask the UPBOND team to enable, disable, or delete credentials as needed. These changes ensure your application maintains secure and reliable access.


Rotate Client Secret

Client secrets should be rotated periodically to maintain security. Notify the UPBOND team to initiate a secret rotation if you suspect your Client Secret has been compromised, or as part of regular maintenance. Ensure all applications using the Client Secret are updated with the new value.
