Attention: The EBRAINS drive will be unavailable for most of the weekend starting the 25th October. Although the Lab is availble while the Drive is down, files that are stored in the Drive will not be loaded and you will be unable to save documents directly on the Lab.


Last modified by bougault on 2022/03/02 11:58
From version 1.1
edited by allan
on 2019/09/12 16:08
Change comment: There is no comment for this version
To version 2.2
edited by allan
on 2019/09/19 11:05
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -20,3 +20,61 @@
20 20  == Registering an application in the Catalogue ==
21 21  
22 22  The Community Apps Catalogue is the place where collab authors look for applications to add to their collabs.
23 +
24 +{{error}}
25 +TODO: describe the steps to register an app in the Catalogue
26 +{{/error}}
27 +
28 +== Creating your OpenID Connect client ==
29 +
30 +The steps to create an OpenID Connect client are the following:
31 +
32 +* get an access token from the `developer` client
33 +* use the token to call the create endpoint
34 +* save your registration access token for further modifications of your client
35 +
36 +=== Fetching your developer access token ===
37 +
38 +In order to get your developer token, you need to authenticate against the developer client with the password grant.
39 +
40 +This can be achieved with this sample bash script:
41 +
42 +{{code language="bash"}}
43 +# Gather username and password from user
44 +echo '\nEnter your username' && read clb_dev_username &&
45 +echo '\nEnter your password' && read -s clb_dev_pwd &&
46 +
47 +# Fetch the token
48 +curl -X POST https://iam.humanbrainproject.eu/auth/realms/hbp/protocol/openid-connect/token \
49 + -u developer: \
50 + -d 'grant_type=password' \
51 + -d "username=${clb_dev_username}" \
52 + -d "password=${clb_dev_pwd}" |
53 +
54 +# Prettify the JSON response
55 +json_pp;
56 +
57 +# Erase the credentials from local variables
58 +clb_dev_pwd='';clb_dev_username=''
59 +{{/code}}
60 +
61 +The response will be similar to:
62 +
63 +{{code language="json"}}
64 +{
65 + "access_token": "eyJhbGci...",
66 + "expires_in": 108000,
67 + "refresh_expires_in": 14400,
68 + "refresh_token": "eyJhbGci...",
69 + "token_type": "bearer",
70 + "not-before-policy": 1563261088,
71 + "session_state": "0ac3dfcd-aa5e-42eb-b333-2f73496b81f8",
72 + "scope": ""
73 +}
74 +{{/code}}
75 +
76 +Copy the "access_token" value, it is the one that will be needed for the next step.
77 +
78 +=== Creating the client ===
79 +
80 +Clients can be created by sending a JSON representation t