Summary

• Page properties (2 modified, 0 added, 0 removed)
• Objects (0 modified, 2 added, 0 removed)
  • XWiki.DocumentSheetBinding[0]
  • XWiki.DocumentSheetBinding[1]

Details

Page properties

Parent

...	...	@@ -1,1 +1,1 @@
1		-Collabs.collab-devs.RFC.WebHome
	1	+Collabs.collaboratory-community-apps.WebHome

Content

...	...	@@ -1,22 +1,206 @@
1		-The Collaboratory is designed to be extended with applications provided by its community of users.
	1	+Developers can extend the Collaboratory capabilities by providing applications to its community of users.
2	2
3		-This guide describes how developers can contribute by creating and registering applications within the Collaboratory.
	3	+This guide describes the steps to make this possible.
4	4
5		-{{toc numbered="true" start="2"/}}
6		-
7	7	== Becoming a contributor ==
8	8
9		-The first step is for you to be recognised as a contributor. Contributors can register and manage applications within the Community Apps Catalogue.
	7	+The first step is for you to **get the developer accreditation**. Contributors can register and manage applications within the Community Apps Catalogue.
10	10
11		-To become a contributor, send an email to [[support@humanbrainproject.eu>>mailto:support@humanbrainproject.eu]] with a short summary of your intentions.
	9	+Send an email to [[support@humanbrainproject.eu>>mailto:support@humanbrainproject.eu]] with a short summary of your intentions.
12	12
13		-The support team will apply the permissions to your user and the next time you will login, your account will be upgraded with developers privileges.
	11	+The support team will apply the permissions to your user: your account will be upgraded with developers privileges the next time you will login.
14	14
15	15	(% class="box infomessage" %)
16	16	(((
17		-Please note that, currently, only SGA2 accredited users will be automatically granted the contributor level.
	15	+Only SGA2 accredited users will be automatically granted the developer accreditation.
18	18	)))
19	19
20	20	== Registering an application in the Catalogue ==
21	21
22		-The Community Apps Catalogue is the place where collab authors look for applications to add to their collabs.
	20	+In order for you application to be installable by users, it needs to be registered within the [[Community Apps Catalogue>>doc:Apps.WebHome]].
	21	+
	22	+Navigate to the catalogue and click on **+Create App** in the top right corner. Enter a name for your app and click on **Create**.
	23	+
	24	+Fill the form with the following information:
	25	+
	26	+* **main URL**: the URL of the homepage of your app. This is where user will be directed when then open your app in a collab.
	27	+* **settings URL**: the URL of the your settings management page if you have one.
	28	+* **description**: a description of what your app does to help users select it.
	29	+* **under development?**: should be checked if you don't want your app to be available by default by other users.
	30	+* **category**: a category to help structuring the applications.
	31	+* **maintainers**: a list of users who maintain the app. The users need to have logged in the wiki at least once to be found. Maintainers are granted the right to modify an app registration.
	32	+* **documentation URL**: if your app has online user documentation, a link will be provided to users when they use your app.
	33	+* **repository**: a URL to a public repository so users can check the sources of your app.
	34	+
	35	+Click on **Save**. Your app is now registered and waiting for users to install it!
	36	+
	37	+== Creating your OpenID Connect client ==
	38	+
	39	+The steps to create an OpenID Connect client are the following:
	40	+
	41	+1. get an access token from the `developer` client
	42	+1. use the token to call the create endpoint
	43	+1. save your registration access token for further modifications of your client
	44	+
	45	+=== Fetching your developer access token ===
	46	+
	47	+Getting your developer token is done in one simple step: authenticate against the developer client with the password grant.
	48	+
	49	+This can be achieved with this sample shell script:
	50	+
	51	+{{code language="bash"}}
	52	+# Gather username and password from user
	53	+echo '\nEnter your username' && read clb_dev_username &&
	54	+echo '\nEnter your password' && read -s clb_dev_pwd &&
	55	+
	56	+# Fetch the token
	57	+curl -X POST https://iam.humanbrainproject.eu/auth/realms/hbp/protocol/openid-connect/token \
	58	+ -u developer: \
	59	+ -d 'grant_type=password' \
	60	+ -d "username=${clb_dev_username}" \
	61	+ -d "password=${clb_dev_pwd}" |
	62	+
	63	+# Prettify the JSON response
	64	+json_pp;
	65	+
	66	+# Erase the credentials from local variables
	67	+clb_dev_pwd='';clb_dev_username=''
	68	+{{/code}}
	69	+
	70	+The response will be similar to:
	71	+
	72	+{{code language="json"}}
	73	+{
	74	+ "access_token": "eyJhbGci...",
	75	+ "expires_in": 108000,
	76	+ "refresh_expires_in": 14400,
	77	+ "refresh_token": "eyJhbGci...",
	78	+ "token_type": "bearer",
	79	+ "not-before-policy": 1563261088,
	80	+ "session_state": "0ac3dfcd-aa5e-42eb-b333-2f73496b81f8",
	81	+ "scope": ""
	82	+}
	83	+{{/code}}
	84	+
	85	+Copy the "access_token" value, you will need if for the next step.
	86	+
	87	+=== Creating the client ===
	88	+
	89	+You can now create clients by sending a JSON representation to a specific endpoint:
	90	+
	91	+{{code language="bash"}}
	92	+# Set your developer token
	93	+clb_dev_token=...
	94	+
	95	+# Send the creation request
	96	+curl -X POST https://iam.humanbrainproject.eu/auth/realms/hbp/clients-registrations/default/ \
	97	+ -H "Authorization: Bearer ${clb_dev_token}" \
	98	+ -H 'Content-Type: application/json' \
	99	+ -d '{
	100	+ "clientId": "my-awesome-client",
	101	+ "name": "My Awesome App",
	102	+ "description": "This describes what my app is for end users",
	103	+ "rootUrl": "https://root.url.of.my.app",
	104	+ "baseUrl": "/relative/path/to/its/frontpage.html",
	105	+ "redirectUris": [
	106	+ "/relative/redirect/path",
	107	+ "/these/can/use/wildcards/*"
	108	+ ],
	109	+ "webOrigins": ["+"],
	110	+ "bearerOnly": false,
	111	+ "consentRequired": true,
	112	+ "standardFlowEnabled": true,
	113	+ "implicitFlowEnabled": true,
	114	+ "directAccessGrantsEnabled": false,
	115	+ "attributes": {
	116	+ "contacts": "first.contact@example.com; second.contact@example.com"
	117	+ }
	118	+ }' |
	119	+
	120	+# Prettify the JSON response
	121	+json_pp;
	122	+{{/code}}
	123	+
	124	+In case of success, the endpoint will return its representation of your client:
	125	+
	126	+{{code language="json"}}
	127	+{
	128	+ "defaultClientScopes" : [
	129	+ "web-origins",
	130	+ "roles"
	131	+ ],
	132	+ "redirectUris" : [
	133	+ "/relative/redirect/path",
	134	+ "/these/can/use/wildcards/*"
	135	+ ],
	136	+ "nodeReRegistrationTimeout" : -1,
	137	+ "rootUrl" : "https://root.url.of.my.app",
	138	+ "webOrigins" : [
	139	+ "+"
	140	+ ],
	141	+ "authenticationFlowBindingOverrides" : {},
	142	+ "baseUrl" : "/relative/path/to/its/frontpage.html",
	143	+ "description" : "This describes what my app is for end users",
	144	+ "notBefore" : 0,
	145	+ "frontchannelLogout" : false,
	146	+ "enabled" : true,
	147	+ "registrationAccessToken" : "eyJhbGciOi...",
	148	+ "consentRequired" : true,
	149	+ "fullScopeAllowed" : false,
	150	+ "clientAuthenticatorType" : "client-secret",
	151	+ "surrogateAuthRequired" : false,
	152	+ "directAccessGrantsEnabled" : false,
	153	+ "standardFlowEnabled" : true,
	154	+ "id" : "551b49a0-ec69-41af-9461-6c10fbc79a35",
	155	+ "attributes" : {
	156	+ "contacts" : "first.contact@example.com; second.contact@example.com"
	157	+ },
	158	+ "name" : "My Awesome App",
	159	+ "secret" : "your-client-secret",
	160	+ "publicClient" : false,
	161	+ "clientId" : "my-awesome-client",
	162	+ "optionalClientScopes" : [],
	163	+ "implicitFlowEnabled" : true,
	164	+ "protocol" : "openid-connect",
	165	+ "bearerOnly" : false,
	166	+ "serviceAccountsEnabled" : false
	167	+}
	168	+{{/code}}
	169	+
	170	+Among all the attributes, you should securely save:
	171	+
	172	+* your client **secret** ("secret" attribute): it is needed by your application to **authenticate to the IAM server** when making backend calls
	173	+* your client **registration access token** ("registrationAccessToken"): you will need it to authenticate when **modifying your client in the future**
	174	+
	175	+=== Modifying your client ===
	176	+
	177	+Update your client with a PUT request:
	178	+
	179	+{{code language="bash"}}
	180	+# Set your registration token and client id
	181	+clb_reg_token=...
	182	+
	183	+# Update the client
	184	+curl -X PUT https://iam.humanbrainproject.eu/auth/realms/hbp/clients-registrations/default/my-awesome-client \
	185	+ -H "Authorization: Bearer ${clb_reg_token}" \
	186	+ -H 'Content-Type: application/json' \
	187	+ -d '{
	188	+ "clientId": "my-awesome-client",
	189	+ "redirectUris": [
	190	+ "/relative/redirect/path",
	191	+ "/these/can/use/wildcards/*",
	192	+ "/a/new/redirect/uri"
	193	+ ]
	194	+ }' |
	195	+
	196	+# Prettify the JSON response
	197	+json_pp;
	198	+{{/code}}
	199	+
	200	+ Note that your need to provide your client id both in the endpoint URL and within the body of the request.
	201	+
	202	+{{warning}}
	203	+/!\ ** Each time you modify your client, a new registration access token will be generated. You need to track of your token changes to keep access to your client.   **/!\
	204	+{{/warning}}
	205	+
	206	+== ==

XWiki.DocumentSheetBinding[0]

Sheet

...	...	@@ -1,0 +1,1 @@
	1	+Collaboratory.Apps.Article.Code.ArticleViewSheet

XWiki.DocumentSheetBinding[1]

Sheet

...	...	@@ -1,0 +1,1 @@
	1	+Collaboratory.Apps.Article.Code.ArticlePreviewSheet