Summary

• Page properties (2 modified, 0 added, 0 removed)

Details

Page properties

Author

...	...	@@ -1,1 +1,1 @@
1		-XWiki.fabricegaillard
	1	+XWiki.messines

Content

...	...	@@ -1,4 +2,3 @@
1		-(% class="wikigeneratedid" %)
2	2	== Must read before starting ==
3	3
4	4	It's very important to choose the right type of clients and to understand the various OAuth flows.
...	...	@@ -15,12 +15,25 @@
15	15
16	16	The steps to create an OpenID Connect (OIDC) client are the following:
17	17
	17	+1. Ask the developer accreditation to be authorize to create client
18	18	1. get an access token from the `developer` client
19	19	1. save your registration access token for further modifications of your client
20	20	1. use the token to call the create endpoint
21	21
22		-Note that a Jupyter Notebook notebook is available in the Drive of this collab to help you create and modify your OIDC client. Its name is: **//Managing an OpenID Connect client.ipynb//** [add link]
	22	+==== Easiest way to create a client ====
23	23
	24	+**A live exemple of client ID creation is available here on our lab**, you can perfectly use this notebook to create your client, the next steps in this documentation reproduce the content of the notebook. **The easiest solution as a user is to use this notebook to create a client** and avoid human error while executing curl request manually.
	25	+
	26	+[[https:~~/~~/lab.ebrains.eu/user/user-redirect/lab/tree/shared/Collaboratory%20Community%20Apps/Managing%20an%20OpenID%20Connect%20client.ipynb>>https://lab.ebrains.eu/user/user-redirect/lab/tree/shared/Collaboratory%20Community%20Apps/Managing%20an%20OpenID%20Connect%20client.ipynb]]
	27	+
	28	+=== Ask for developer accreditation ===
	29	+
	30	+To be authorize to create an OIDC client you have to be accredited as developer.
	31	+
	32	+Please go on this page and "Request to join" the group [[https:~~/~~/wiki.ebrains.eu/bin/view/Identity/#/groups/app-collaboratory-iam~~-~~-service-providers>>https://wiki.ebrains.eu/bin/view/Identity/#/groups/app-collaboratory-iam--service-providers]]
	33	+
	34	+We will quickly process your request and you will be able to create an OIDC client
	35	+
24	24	=== Fetching your developer access token ===
25	25
26	26	Getting your developer token is done in one simple step: authenticate against the developer client with the password grant.
...	...	@@ -75,25 +75,26 @@
75	75	curl -X POST https://iam.ebrains.eu/auth/realms/hbp/clients-registrations/default/ \
76	76	-H "Authorization: Bearer ${clb_dev_token}" \
77	77	-H 'Content-Type: application/json' \
78		- -d '{
79		- "clientId": "my-awesome-client",
80		- "name": "My Awesome App",
	90	+ -d '{ "clientId": "your_client_id",
	91	+ "name": "Collaboratory workshop demo client edited",
81	81	"description": "This describes what my app is for end users",
82		- "rootUrl": "https://root.url.of.my.app",
83		- "baseUrl": "/relative/path/to/its/frontpage.html",
	93	+ "rootUrl": "https://example.org",
	94	+ "baseUrl": "https://example.org",
84	84	"redirectUris": [
85		- "/relative/redirect/path",
86		- "/these/can/use/wildcards/*"
	96	+ "/login/*",
	97	+ "https://example.org/login/*"
87	87	],
88		- "webOrigins": ["+"],
89		- "bearerOnly": false,
90		- "consentRequired": true,
91		- "standardFlowEnabled": true,
92		- "implicitFlowEnabled": true,
93		- "directAccessGrantsEnabled": false,
	99	+ "webOrigins":["http://localhost:8080","https://example.org","+"],
	100	+ "bearerOnly": False,
	101	+ "consentRequired": True,
	102	+ "standardFlowEnabled": True,
	103	+ "implicitFlowEnabled": False,
	104	+ "directAccessGrantsEnabled": False,
94	94	"attributes": {
95	95	"contacts": "first.contact@example.com; second.contact@example.com"
96		- }
	107	+ },
	108	+ "defaultClientScopes": ["openid","profile","email","roles"],
	109	+ "optionalClientScopes": ["team","group"]
97	97	}' |
98	98
99	99	# Pretty print the JSON response