Summary

• Page properties (3 modified, 0 added, 0 removed)

Details

Page properties

Title

...	...	@@ -1,1 +1,1 @@
1		-1. Registering an OIDC client
	1	+Registering an OIDC client

Author

...	...	@@ -1,1 +1,1 @@
1		-XWiki.fabricegaillard
	1	+XWiki.villemai

Content

...	...	@@ -1,25 +14,12 @@
1		-(% class="wikigeneratedid" %)
2		-== Must read before starting ==
3		-
4		-It's very important to choose the right type of clients and to understand the various OAuth flows.
5		-
6		-A very good documentation is this one :
7		-
8		-[[https:~~/~~/auth0.com/docs/authorization/which-oauth-2-0-flow-should-i-use>>url:https://auth0.com/docs/authorization/which-oauth-2-0-flow-should-i-use]]
9		-
10		-and another one
11		-
12		-[[https:~~/~~/dzone.com/articles/the-right-flow-for-the-job-which-oauth-20-flow-sho>>url:https://dzone.com/articles/the-right-flow-for-the-job-which-oauth-20-flow-sho]]
13		-
14	14	== Creating your OpenID Connect client ==
15	15
16		-The steps to create an OpenID Connect (OIDC) client are the following:
	3	+The steps to create an OpenID Connect client are the following:
17	17
18	18	1. get an access token from the `developer` client
19		-1. save your registration access token for further modifications of your client
20	20	1. use the token to call the create endpoint
	7	+1. save your registration access token for further modifications of your client
21	21
22		-Note that a Jupyter Notebook notebook is available in the Drive of this collab to help you create and modify your OIDC client. Its name is: **//Managing an OpenID Connect client.ipynb//** [add link]
	9	+Note that a [[notebook>>url:https://lab.ebrains.eu/user-redirect/lab/tree/drive/Shared%20with%20all/Collaboratory%20Community%20Apps/Managing%20an%20OpenID%20Connect%20client.ipynb]] is available to help you create and modify your OIDC client.
23	23
24	24	=== Fetching your developer access token ===
25	25
...	...	@@ -29,8 +29,8 @@
29	29
30	30	{{code language="bash"}}
31	31	# Gather username and password from user
32		-read -p 'Enter your username: ' clb_dev_username
33		-read -s -p 'Enter your password: ' clb_dev_pwd
	19	+echo '\nEnter your username' && read clb_dev_username &&
	20	+echo '\nEnter your password' && read -s clb_dev_pwd &&
34	34
35	35	# Fetch the token
36	36	curl -X POST https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token \
...	...	@@ -38,12 +38,12 @@
38	38	-d 'grant_type=password' \
39	39	--data-urlencode "username=${clb_dev_username}" \
40	40	--data-urlencode "password=${clb_dev_pwd}" |
	28	+
	29	+# Prettify the JSON response
	30	+json_pp;
41	41
42		-# and pretty-print the JSON response
43		-json_pp
44		-
45	45	# Erase the credentials from local variables
46		-clb_dev_pwd=''; clb_dev_username=''
	33	+clb_dev_pwd='';clb_dev_username=''
47	47	{{/code}}
48	48
49	49	The response will be similar to:
...	...	@@ -61,7 +61,7 @@
61	61	}
62	62	{{/code}}
63	63
64		-Store a copy of the "access_token" value. You will need if for the next step.
	51	+Copy the "access_token" value, you will need if for the next step.
65	65
66	66	=== Creating the client ===
67	67
...	...	@@ -69,7 +69,7 @@
69	69
70	70	{{code language="bash"}}
71	71	# Set your developer token
72		-clb_dev_token="eyJhbGci..."
	59	+clb_dev_token=...
73	73
74	74	# Send the creation request
75	75	curl -X POST https://iam.ebrains.eu/auth/realms/hbp/clients-registrations/default/ \
...	...	@@ -96,7 +96,7 @@
96	96	}
97	97	}' |
98	98
99		-# Pretty print the JSON response
	86	+# Prettify the JSON response
100	100	json_pp;
101	101	{{/code}}
102	102
...	...	@@ -148,7 +148,7 @@
148	148
149	149	Among all the attributes, you should securely save:
150	150
151		-* your client **secret** ("secret" attribute): it is needed by your application to **authenticate to the IAM server** when making back-end calls
	138	+* your client **secret** ("secret" attribute): it is needed by your application to **authenticate to the IAM server** when making backend calls
152	152	* your client **registration access token** ("registrationAccessToken"): you will need it to authenticate when **modifying your client in the future**
153	153
154	154	=== Modifying your client ===
...	...	@@ -157,15 +157,14 @@
157	157
158	158	{{code language="bash"}}
159	159	# Set your registration token and client id
160		-clb_reg_token="eyJhbGciOi..."
161		-clb_client_id="my-awesome-client"
	147	+clb_reg_token=...
162	162
163		-# Update the client. Note that the client ID appears both in the endpoint URL and in the body of the request.
164		-curl -X PUT https://iam.ebrains.eu/auth/realms/hbp/clients-registrations/default/${clb_client_id} \
	149	+# Update the client
	150	+curl -X PUT https://iam.ebrains.eu/auth/realms/hbp/clients-registrations/default/my-awesome-client \
165	165	-H "Authorization: Bearer ${clb_reg_token}" \
166	166	-H 'Content-Type: application/json' \
167	167	-d '{
168		- "clientId": "'${clb_client_id}'",
	154	+ "clientId": "my-awesome-client",
169	169	"redirectUris": [
170	170	"/relative/redirect/path",
171	171	"/these/can/use/wildcards/*",
...	...	@@ -173,13 +173,15 @@
173	173	]
174	174	}' |
175	175
176		-# Pretty print the JSON response
177		-json_pp
178		-
	162	+# Prettify the JSON response
	163	+json_pp;
179	179	{{/code}}
180	180
181	181	Note that your need to provide your client id both in the endpoint URL and within the body of the request.
182	182
183	183	{{warning}}
184		-**⚠  Each time you modify your client, a new registration access token is generated. You need to keep track of your latest token to keep access to your client.  ⚠**
	169	+/!\ ** Each time you modify your client, a new registration access token will be generated. You need to keep track of your token changes to keep access to your client.   **/!\
185	185	{{/warning}}
	171	+
	172	+(% class="wikigeneratedid" id="HH4Won27tAppearinToC" %)
	173	+