Last modified by messines on 2022/05/25 10:11
From version 2.1
edited by mmorgan
on 2020/07/16 01:43
Change comment: There is no comment for this version
To version 1.1
edited by villemai
on 2020/05/04 16:15
Change comment: There is no comment for this version

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.mmorgan
1 +XWiki.villemai
Content
... ... @@ -1,12 +1,12 @@
1 1  == Creating your OpenID Connect client ==
2 2  
3 -The steps to create an OpenID Connect (OIDC) client are the following:
3 +The steps to create an OpenID Connect client are the following:
4 4  
5 5  1. get an access token from the `developer` client
6 -1. save your registration access token for further modifications of your client
7 7  1. use the token to call the create endpoint
7 +1. save your registration access token for further modifications of your client
8 8  
9 -Note that a Jupyter Notebook notebook is available in the Drive of this collab to help you create and modify your OIDC client. Its name is: **//Managing an OpenID Connect client.ipynb//** [add link]
9 +Note that a [[notebook>>url:https://lab.ebrains.eu/user-redirect/lab/tree/drive/Shared%20with%20all/Collaboratory%20Community%20Apps/Managing%20an%20OpenID%20Connect%20client.ipynb]] is available to help you create and modify your OIDC client.
10 10  
11 11  === Fetching your developer access token ===
12 12  
... ... @@ -16,8 +16,8 @@
16 16  
17 17  {{code language="bash"}}
18 18  # Gather username and password from user
19 -read -p 'Enter your username: ' clb_dev_username
20 -read -s -p 'Enter your password: ' clb_dev_pwd
19 +echo '\nEnter your username' && read clb_dev_username &&
20 +echo '\nEnter your password' && read -s clb_dev_pwd &&
21 21  
22 22  # Fetch the token
23 23  curl -X POST https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token \
... ... @@ -25,12 +25,12 @@
25 25   -d 'grant_type=password' \
26 26   --data-urlencode "username=${clb_dev_username}" \
27 27   --data-urlencode "password=${clb_dev_pwd}" |
28 +
29 +# Prettify the JSON response
30 +json_pp;
28 28  
29 -# and pretty-print the JSON response
30 -json_pp
31 -
32 32  # Erase the credentials from local variables
33 -clb_dev_pwd=''; clb_dev_username=''
33 +clb_dev_pwd='';clb_dev_username=''
34 34  {{/code}}
35 35  
36 36  The response will be similar to:
... ... @@ -48,7 +48,7 @@
48 48  }
49 49  {{/code}}
50 50  
51 -Store a copy of the "access_token" value. You will need if for the next step.
51 +Copy the "access_token" value, you will need if for the next step.
52 52  
53 53  === Creating the client ===
54 54  
... ... @@ -83,7 +83,7 @@
83 83   }
84 84   }' |
85 85  
86 -# Pretty print the JSON response
86 +# Prettify the JSON response
87 87  json_pp;
88 88  {{/code}}
89 89  
... ... @@ -135,7 +135,7 @@
135 135  
136 136  Among all the attributes, you should securely save:
137 137  
138 -* your client **secret** ("secret" attribute): it is needed by your application to **authenticate to the IAM server** when making back-end calls
138 +* your client **secret** ("secret" attribute): it is needed by your application to **authenticate to the IAM server** when making backend calls
139 139  * your client **registration access token** ("registrationAccessToken"): you will need it to authenticate when **modifying your client in the future**
140 140  
141 141  === Modifying your client ===
... ... @@ -144,15 +144,14 @@
144 144  
145 145  {{code language="bash"}}
146 146  # Set your registration token and client id
147 -clb_reg_token="eyJhbGciOi..."
148 -clb_client_id="my-awesome-client"
147 +clb_reg_token=...
149 149  
150 -# Update the client. Note that the client ID appears both in the endpoint URL and in the body of the request.
151 -curl -X PUT https://iam.ebrains.eu/auth/realms/hbp/clients-registrations/default/${clb_client_id} \
149 +# Update the client
150 +curl -X PUT https://iam.ebrains.eu/auth/realms/hbp/clients-registrations/default/my-awesome-client \
152 152   -H "Authorization: Bearer ${clb_reg_token}" \
153 153   -H 'Content-Type: application/json' \
154 154   -d '{
155 - "clientId": "'${clb_client_id}'",
154 + "clientId": "my-awesome-client",
156 156   "redirectUris": [
157 157   "/relative/redirect/path",
158 158   "/these/can/use/wildcards/*",
... ... @@ -160,15 +160,15 @@
160 160   ]
161 161   }' |
162 162  
163 -# Pretty print the JSON response
164 -json_pp
165 -
162 +# Prettify the JSON response
163 +json_pp;
166 166  {{/code}}
167 167  
168 168   Note that your need to provide your client id both in the endpoint URL and within the body of the request.
169 169  
170 170  {{warning}}
171 -**⚠  Each time you modify your client, a new registration access token is generated. You need to keep track of your latest token to keep access to your client.  **
169 +/!\ ** Each time you modify your client, a new registration access token will be generated. You need to keep track of your token changes to keep access to your client.   **/!\
172 172  {{/warning}}
173 173  
172 +(% class="wikigeneratedid" id="HH4Won27tAppearinToC" %)
174 174  
Table of content