Skip to content

OAuthClient

OAuthClient

Section titled “OAuthClient”

Defines a registered OAuth client application.

This object can be configured from the WebUI under Management › Directory › OAuth Clients

Fields

Section titled “Fields”
clientId
Section titled “clientId”

Type: String · required

Unique identifier of the OAuth client

description
Section titled “description”

Type: String?

Description of the OAuth client

contacts
Section titled “contacts”

Type: EmailAddress[]

Contact email addresses for the OAuth client

secret
Section titled “secret”

Type: String? · secret

Secret value of the OAuth client

createdAt
Section titled “createdAt”

Type: UTCDateTime · read-only · server-set

Creation date of the OAuth client

expiresAt
Section titled “expiresAt”

Type: UTCDateTime?

Expiration date of the OAuth client

memberTenantId
Section titled “memberTenantId”

Type: Id<Tenant>?

Identifier for the tenant this OAuth client belongs to

redirectUris
Section titled “redirectUris”

Type: Uri[]

List of redirect URIs for the OAuth client

Section titled “logo”

Type: String?

URL or base64-encoded image representing the OAuth client

JMAP API

Section titled “JMAP API”

The OAuthClient object is available via the urn:stalwart:jmap capability.

x:OAuthClient/get

Section titled “x:OAuthClient/get”

This is a standard Foo/get method as defined in RFC 8620, Section 5.1.

This method requires the sysOAuthClientGet permission.

Terminal window
curl -X POST https://mail.example.com/api \
  -H 'Authorization: Bearer $TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
      "methodCalls": [
        [
          "x:OAuthClient/get",
          {
            "ids": [
              "id1"
            ]
          },
          "c1"
        ]
      ],
      "using": [
        "urn:ietf:params:jmap:core",
        "urn:stalwart:jmap"
      ]
    }'

x:OAuthClient/set

Section titled “x:OAuthClient/set”

This is a standard Foo/set method as defined in RFC 8620, Section 5.3.

Supports create, update, and destroy operations in a single call.

Create

Section titled “Create”

This operation requires the sysOAuthClientCreate permission.

Terminal window
curl -X POST https://mail.example.com/api \
  -H 'Authorization: Bearer $TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
      "methodCalls": [
        [
          "x:OAuthClient/set",
          {
            "create": {
              "new1": {
                "clientId": "Example",
                "contacts": {},
                "redirectUris": {}
              }
            }
          },
          "c1"
        ]
      ],
      "using": [
        "urn:ietf:params:jmap:core",
        "urn:stalwart:jmap"
      ]
    }'

Update

Section titled “Update”

This operation requires the sysOAuthClientUpdate permission.

Terminal window
curl -X POST https://mail.example.com/api \
  -H 'Authorization: Bearer $TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
      "methodCalls": [
        [
          "x:OAuthClient/set",
          {
            "update": {
              "id1": {
                "clientId": "updated value"
              }
            }
          },
          "c1"
        ]
      ],
      "using": [
        "urn:ietf:params:jmap:core",
        "urn:stalwart:jmap"
      ]
    }'

Destroy

Section titled “Destroy”

This operation requires the sysOAuthClientDestroy permission.

Terminal window
curl -X POST https://mail.example.com/api \
  -H 'Authorization: Bearer $TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
      "methodCalls": [
        [
          "x:OAuthClient/set",
          {
            "destroy": [
              "id1"
            ]
          },
          "c1"
        ]
      ],
      "using": [
        "urn:ietf:params:jmap:core",
        "urn:stalwart:jmap"
      ]
    }'

x:OAuthClient/query

Section titled “x:OAuthClient/query”

This is a standard Foo/query method as defined in RFC 8620, Section 5.5.

This method requires the sysOAuthClientQuery permission.

Terminal window
curl -X POST https://mail.example.com/api \
  -H 'Authorization: Bearer $TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
      "methodCalls": [
        [
          "x:OAuthClient/query",
          {
            "filter": {
              "text": "example"
            }
          },
          "c1"
        ]
      ],
      "using": [
        "urn:ietf:params:jmap:core",
        "urn:stalwart:jmap"
      ]
    }'

The x:OAuthClient/query filter argument accepts the following conditions (combinable with AnyOf / AllOf / Not per RFC 8620):

ConditionKind
texttext
clientIdtext
memberTenantIdid of Tenant

CLI

Section titled “CLI”

stalwart-cli wraps the same JMAP calls. See the CLI reference for installation, authentication, and general usage.

Fetch

Section titled “Fetch”
Terminal window
stalwart-cli get OAuthClient id1

Create

Section titled “Create”
Terminal window
stalwart-cli create OAuthClient \
  --field clientId=Example \
  --field 'contacts={}' \
  --field 'redirectUris={}'

Query

Section titled “Query”
Terminal window
stalwart-cli query OAuthClient
stalwart-cli query OAuthClient --where text=example

Update

Section titled “Update”
Terminal window
stalwart-cli update OAuthClient id1 --field clientId='updated value'

Delete

Section titled “Delete”
Terminal window
stalwart-cli delete OAuthClient --ids id1