App client settings

We will now configure the callback URLs, OAuth flows and OAuth scopes.

While still in the App integration tab, scroll down to App client list and click on “petstore-client”.

Then under Hosted UI select Edit

There are a number of options to enable. Ensure yours look the same as the image.

First, set the Allowed sign-out URL to https://localhost

Under OAuth 2.0 Grant Types select

  • Authorization code grant and
  • Implicit grant

The implicit grant flow exposes OAuth tokens in the URL. Although we are using it here for testing purposes only, we strongly recommend you only use the authorization code flow with PKCE for public clients.

Under OpenID Connect Scopes select

  • OpenID and
  • Profile

Under Custom Scopes select

  • petstore/read

Finally click Save changes