Changes for page 1. Registering an OIDC client
Last modified by messines on 2022/05/25 10:11
From version 10.1
edited by messines
on 2021/11/15 14:39
Change comment:
There is no comment for this version
To version 4.1
edited by fabricegaillard
on 2021/03/18 12:06
Change comment:
There is no comment for this version
Summary
Page properties (2 modified, 0 added, 0 removed)
Details
- Page properties
- Author
... ... @@ -1,1 +1,1 @@ 1 -XWiki. messines1 +XWiki.fabricegaillard - Content
... ... @@ -1,3 +1,4 @@ 1 +(% class="wikigeneratedid" %) 1 1 == Must read before starting == 2 2 3 3 It's very important to choose the right type of clients and to understand the various OAuth flows. ... ... 
@@ -14,25 +14,12 @@ 14 14 15 15 The steps to create an OpenID Connect (OIDC) client are the following: 16 16 17 -1. Ask the developer accreditation to be authorize to create client 18 18 1. get an access token from the `developer` client 19 19 1. save your registration access token for further modifications of your client 20 20 1. use the token to call the create endpoint 21 21 22 - ====Easiestwayto create a client====22 +Note that a Jupyter Notebook notebook is available in the Drive of this collab to help you create and modify your OIDC client. Its name is: **//Managing an OpenID Connect client.ipynb//** [add link] 23 23 24 -**A live exemple of client ID creation is available here on our lab**, you can perfectly use this notebook to create your client, the next steps in this documentation reproduce the content of the notebook. **The easiest solution as a user is to use this notebook to create a client** and avoid human error while executing curl request manually. 25 - 26 -[[https:~~/~~/lab.ebrains.eu/user/user-redirect/lab/tree/shared/Collaboratory%20Community%20Apps/Managing%20an%20OpenID%20Connect%20client.ipynb>>https://lab.ebrains.eu/user/user-redirect/lab/tree/shared/Collaboratory%20Community%20Apps/Managing%20an%20OpenID%20Connect%20client.ipynb]] 27 - 28 -=== Ask for developer accreditation === 29 - 30 -To be authorize to create an OIDC client you have to be accredited as developer. 31 - 32 -Please go on this page and "Request to join" the group [[https:~~/~~/wiki.ebrains.eu/bin/view/Identity/#/groups/app-collaboratory-iam~~-~~-service-providers>>https://wiki.ebrains.eu/bin/view/Identity/#/groups/app-collaboratory-iam--service-providers]] 33 - 34 -We will quickly process your request and you will be able to create an OIDC client 35 - 36 36 === Fetching your developer access token === 37 37 38 38 Getting your developer token is done in one simple step: authenticate against the developer client with the password grant. ... ... 
@@ -87,26 +87,25 @@ 87 87 curl -X POST https://iam.ebrains.eu/auth/realms/hbp/clients-registrations/default/ \ 88 88 -H "Authorization: Bearer ${clb_dev_token}" \ 89 89 -H 'Content-Type: application/json' \ 90 - -d '{ "clientId": "your_client_id", 91 - "name": "Collaboratory workshop demo client edited", 78 + -d '{ 79 + "clientId": "my-awesome-client", 80 + "name": "My Awesome App", 92 92 "description": "This describes what my app is for end users", 93 - "rootUrl": "https:// example.org",94 - "baseUrl": "htt ps://example.org",82 + "rootUrl": "https://root.url.of.my.app", 83 + "baseUrl": "/relative/path/to/its/frontpage.html", 95 95 "redirectUris": [ 96 - "/l ogin/*",97 - " https://example.org/login/*"85 + "/relative/redirect/path", 86 + "/these/can/use/wildcards/*" 98 98 ], 99 - "webOrigins":[" http://localhost:8080","https://example.org","+"],100 - "bearerOnly": False,101 - "consentRequired": True,102 - "standardFlowEnabled": True,103 - "implicitFlowEnabled": False,104 - "directAccessGrantsEnabled": False,88 + "webOrigins": ["+"], 89 + "bearerOnly": false, 90 + "consentRequired": true, 91 + "standardFlowEnabled": true, 92 + "implicitFlowEnabled": true, 93 + "directAccessGrantsEnabled": false, 105 105 "attributes": { 106 106 "contacts": "first.contact@example.com; second.contact@example.com" 107 - }, 108 - "defaultClientScopes": ["openid","profile","email","roles"], 109 - "optionalClientScopes": ["team","group"] 96 + } 110 110 }' | 111 111 112 112 # Pretty print the JSON response
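Review bot: The `+` line 22 in the @@ -14,25 +14,12 @@ hunk leaves an unresolved "[add link]" placeholder and repeats a word in "Jupyter Notebook notebook"; the `-` side carries the actual lab.ebrains.eu link to "Managing an OpenID Connect client.ipynb", so the sentence should point there rather than at a placeholder. The same hunk drops step 1 and the "Ask for developer accreditation" section: if joining the app-collaboratory-iam--service-providers group is still a precondition for creating a client, readers will reach the `developer` token step without being told about it, so keep at least a one-line pointer to the prerequisite.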
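Review bot: "implicitFlowEnabled": true on the `+` side of the @@ -87,26 +87,25 @@ hunk enables the implicit flow in a template that readers will copy, alongside "standardFlowEnabled": true, a wildcard entry in "redirectUris" and "webOrigins": ["+"]; the implicit flow delivers tokens in the redirect URL, so the example should keep it false (as the `-` side intends) and leave it to apps that need it to opt in. The `+` side also removes "defaultClientScopes" and "optionalClientScopes", so the example no longer shows which scopes the client requests; either keep those two keys or say in the surrounding text that the realm defaults apply. The lowercase true/false on the `+` side are the form to keep, since the `False`/`True` spelling on the `-` side is not valid JSON for a `curl -d` body.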