Interface: DynamicClientRegistrationRequestOptions
March 19, 2026 Ā· View on GitHub
Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by becoming a sponsor.
Properties
[customFetch]?
ā¢ optional [customFetch]?: CustomFetch
Custom Fetch API implementation to use for the HTTP Requests the client will be making. If this option is used, then the customFetch value will be assigned to the resolved Configuration instance for use with all its future individual HTTP requests.
See
algorithm?
ā¢ optional algorithm?: "oidc" | "oauth2"
The issuer transformation algorithm to use. Default is oidc.
Example
Given the Issuer Identifier is https://example.com
oidc => https://example.com/.well-known/openid-configuration
oauth => https://example.com/.well-known/oauth-authorization-server
Given the Issuer Identifier is https://example.com/pathname
oidc => https://example.com/pathname/.well-known/openid-configuration
oauth => https://example.com/.well-known/oauth-authorization-server/pathname
See
DPoP?
ā¢ optional DPoP?: DPoPHandle
DPoP handle to use for requesting a sender-constrained access token. Usually obtained from getDPoPHandle
See
RFC 9449 - OAuth 2.0 Demonstrating Proof of Possession (DPoP)
execute?
ā¢ optional execute?: (config) => void[]
Methods (available list linked below) to execute with the Configuration instance as argument after it is instantiated
Note
Presence of allowInsecureRequests in this option also enables the
use of insecure HTTP requests for the Authorization Server Metadata
discovery request itself.
Parameters
| Parameter | Type |
|---|---|
config | Configuration |
Returns
void
Example
Disable the HTTPS-only restriction for the discovery call and subsequently for all requests made with the resulting Configuration instance.
let server!: URL
let clientId!: string
let clientMetadata!:
| Partial<client.ClientMetadata>
| undefined
| string
let clientAuth!: client.ClientAuth | undefined
let config = await client.discovery(
server,
clientId,
clientMetadata,
clientAuth,
{
execute: [client.allowInsecureRequests],
},
)
See
- allowInsecureRequests
- enableNonRepudiationChecks
- useCodeIdTokenResponseType
- useIdTokenResponseType
- enableDetachedSignatureResponseChecks
- useJwtResponseMode
initialAccessToken?
ā¢ optional initialAccessToken?: string
Access token optionally issued by an authorization server used to authorize calls to the client registration endpoint.
timeout?
ā¢ optional timeout?: number
Timeout (in seconds) for the Authorization Server Metadata discovery. If
this option is used, then the same timeout value will be assigned to the
resolved Configuration instance for use with all its future
individual HTTP requests. Default is 30 (seconds)