Dynamic Client Registration (RFC 7591)

POST /oauth/register

Self-registers a new OAuth client. Public endpoint — no authentication required. Per-IP rate-limited to 5 requests/minute. Each redirect_uri is validated against the SSRF guard.

object
client_name (required): string, >= 1 characters, <= 200 characters
redirect_uris (required): Array<string>, >= 1 items, <= 10 items
grant_types: Array<string>, default: authorization_code,refresh_token, allowed values: authorization_code, refresh_token
scope: string, ""
token_endpoint_auth_method: string, default: none, allowed values: none, client_secret_basic, client_secret_post
contact: string, format: email
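
A client-side pre-flight check for the request body above, as an added example that is not part of the original page or the service's own code. The function names, the sample inputs, the mapping of each violation to an error code, and the absolute-URI/no-fragment check taken from RFC 6749 are assumptions; the server's SSRF guard is not reproduced here and remains authoritative.

```python
from urllib.parse import urlsplit
# Allowed values as documented for POST /oauth/register.
GRANTS = {"authorization_code", "refresh_token"}
AUTH_METHODS = {"none", "client_secret_basic", "client_secret_post"}

def bad_redirect_uri(uri):
    """True unless uri is an absolute URI without a fragment (RFC 6749, 3.1.2)."""
    if not isinstance(uri, str):
        return True
    try:
        parts = urlsplit(uri)
    except ValueError:  # e.g. an unterminated IPv6 literal
        return True
    return not parts.scheme or bool(parts.fragment)

def check_registration(meta):
    """Return (body_with_defaults, None) or (None, error_envelope)."""
    def err(code, text):
        return None, {"error": code, "error_description": text}
    # Defaults taken from the schema; scope is left out unless supplied.
    body = {"grant_types": ["authorization_code", "refresh_token"],
            "token_endpoint_auth_method": "none", **meta}
    name = body.get("client_name")
    if not isinstance(name, str) or not 1 <= len(name) <= 200:
        return err("invalid_client_metadata", "client_name: 1 to 200 characters")
    uris = body.get("redirect_uris")
    # Assumption: every redirect_uris problem maps to invalid_redirect_uri.
    if not isinstance(uris, list) or not 1 <= len(uris) <= 10:
        return err("invalid_redirect_uri", "redirect_uris: 1 to 10 items")
    for uri in uris:
        if bad_redirect_uri(uri):
            return err("invalid_redirect_uri", f"rejected before sending: {uri!r}")
    grants = body["grant_types"]
    if not isinstance(grants, list) or not all(
            isinstance(g, str) and g in GRANTS for g in grants):
        return err("invalid_client_metadata", "grant_types: unsupported value")
    method = body["token_endpoint_auth_method"]
    if not isinstance(method, str) or method not in AUTH_METHODS:
        return err("invalid_client_metadata", "token_endpoint_auth_method: unsupported")
    if not isinstance(body.get("scope", ""), str):
        return err("invalid_client_metadata", "scope must be a string")
    return body, None

# Constructed sample inputs (not from the page).
GOOD = {"client_name": "Example CLI", "redirect_uris": ["https://client.example/callback"]}
BAD = {"client_name": "Example CLI", "redirect_uris": ["https://client.example/cb#frag"]}
if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(check_registration(sample))
```

Running the check before each call keeps malformed requests from spending the 5 requests/minute budget on responses that would be rejected anyway.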

Client registered

object
client_id (required): string
client_secret: string
client_id_issued_at (required): integer
client_name (required): string
client_secret_expires_at: integer
redirect_uris (required): Array<string>
grant_types (required): Array<string>
scope (required): string
token_endpoint_auth_method (required): string, allowed values: none, client_secret_basic, client_secret_post

RFC 7591 error envelope (invalid_client_metadata, invalid_redirect_uri, invalid_scope)

object
error (required): string
error_description: string

Per-IP rate limit exceeded

object
error (required): string
error_description: string