Last modified by messines on 2022/05/25 10:11
From version 9.1
edited by messines
on 2021/11/15 14:38
Change comment: There is no comment for this version
To version 3.1
edited by mmorgan
on 2020/07/16 01:46
Change comment: There is no comment for this version

Summary

Details

Page properties
Title
... ... @@ -1,1 +1,1 @@
1 -1. Registering an OIDC client
1 +Registering an OIDC client
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.messines
1 +XWiki.mmorgan
Content
... ... @@ -1,38 +13,13 @@
1 -== Must read before starting ==
2 -
3 -It's very important to choose the right type of clients and to understand the various OAuth flows.
4 -
5 -A very good documentation is this one :
6 -
7 -[[https:~~/~~/auth0.com/docs/authorization/which-oauth-2-0-flow-should-i-use>>url:https://auth0.com/docs/authorization/which-oauth-2-0-flow-should-i-use]]
8 -
9 -and another one
10 -
11 -[[https:~~/~~/dzone.com/articles/the-right-flow-for-the-job-which-oauth-20-flow-sho>>url:https://dzone.com/articles/the-right-flow-for-the-job-which-oauth-20-flow-sho]]
12 -
13 13  == Creating your OpenID Connect client ==
14 14  
15 15  The steps to create an OpenID Connect (OIDC) client are the following:
16 16  
17 -1. Ask the developer accreditation to be authorize to create client
18 18  1. get an access token from the `developer` client
19 19  1. save your registration access token for further modifications of your client
20 20  1. use the token to call the create endpoint
21 21  
22 -==== Easiest way to create a client ====
9 +Note that a Jupyter Notebook notebook is available in the Drive of this collab to help you create and modify your OIDC client. Its name is: **//Managing an OpenID Connect client.ipynb//** [add link]
23 23  
24 -A live exemple of client ID creation is available here on our lab, you can perfectly use this notebook to create your client, the next steps in this documentation reproduce the content of the notebook. The easiest solution as a user is to use this notebook to create a client and avoid human error while executing curl request manually.
25 -
26 -[[https:~~/~~/lab.ebrains.eu/user/user-redirect/lab/tree/shared/Collaboratory%20Community%20Apps/Managing%20an%20OpenID%20Connect%20client.ipynb>>https://lab.ebrains.eu/user/user-redirect/lab/tree/shared/Collaboratory%20Community%20Apps/Managing%20an%20OpenID%20Connect%20client.ipynb]]
27 -
28 -=== Ask for developer accreditation ===
29 -
30 -To be authorize to create an OIDC client you have to be accredited as developer.
31 -
32 -Please go on this page and "Request to join" the group [[https:~~/~~/wiki.ebrains.eu/bin/view/Identity/#/groups/app-collaboratory-iam~~-~~-service-providers>>https://wiki.ebrains.eu/bin/view/Identity/#/groups/app-collaboratory-iam--service-providers]]
33 -
34 -We will quickly process your request and you will be able to create an OIDC client
35 -
36 36  === Fetching your developer access token ===
37 37  
38 38  Getting your developer token is done in one simple step: authenticate against the developer client with the password grant.
... ... @@ -87,26 +87,25 @@
87 87  curl -X POST https://iam.ebrains.eu/auth/realms/hbp/clients-registrations/default/ \
88 88   -H "Authorization: Bearer ${clb_dev_token}" \
89 89   -H 'Content-Type: application/json' \
90 - -d '{ "clientId": "your_client_id",
91 - "name": "Collaboratory workshop demo client edited",
65 + -d '{
66 + "clientId": "my-awesome-client",
67 + "name": "My Awesome App",
92 92   "description": "This describes what my app is for end users",
93 - "rootUrl": "https://example.org",
94 - "baseUrl": "https://example.org",
69 + "rootUrl": "https://root.url.of.my.app",
70 + "baseUrl": "/relative/path/to/its/frontpage.html",
95 95   "redirectUris": [
96 - "/login/*",
97 - "https://example.org/login/*"
72 + "/relative/redirect/path",
73 + "/these/can/use/wildcards/*"
98 98   ],
99 - "webOrigins":["http://localhost:8080","https://example.org","+"],
100 - "bearerOnly": False,
101 - "consentRequired": True,
102 - "standardFlowEnabled": True,
103 - "implicitFlowEnabled": False,
104 - "directAccessGrantsEnabled": False,
75 + "webOrigins": ["+"],
76 + "bearerOnly": false,
77 + "consentRequired": true,
78 + "standardFlowEnabled": true,
79 + "implicitFlowEnabled": true,
80 + "directAccessGrantsEnabled": false,
105 105   "attributes": {
106 106   "contacts": "first.contact@example.com; second.contact@example.com"
107 - },
108 - "defaultClientScopes": ["openid","profile","email","roles"],
109 - "optionalClientScopes": ["team","group"]
83 + }
110 110   }' |
111 111  
112 112  # Pretty print the JSON response
... ... @@ -196,3 +196,4 @@
196 196  {{warning}}
197 197  **⚠  Each time you modify your client, a new registration access token is generated. You need to keep track of your latest token to keep access to your client.  ⚠**
198 198  {{/warning}}
173 +
Table of content