Last modified by bougault on 2022/03/02 11:58

From version 2.1
edited by allan
on 2019/09/18 15:51
Change comment: Fetching your developer access token
To version 3.2
edited by allan
on 2019/09/19 11:20
Change comment: There is no comment for this version

Page properties
Content
... ... @@ -6,7 +6,7 @@
6 6  
7 7  == Becoming a contributor ==
8 8  
9 -The first step is for you to be recognised as a contributor. Contributors can register and manage applications within the Community Apps Catalogue.
9 +The first step is for you to be **recognised as a contributor**. Contributors can register and manage applications within the Community Apps Catalogue.
10 10  
11 11  To become a contributor, send an email to [[support@humanbrainproject.eu>>mailto:support@humanbrainproject.eu]] with a short summary of your intentions.
12 12  
... ... @@ -29,20 +29,20 @@
29 29  
30 30  The steps to create an OpenID Connect client are the following:
31 31  
32 -* get an access token from the `developer` client
33 -* use the token to call the create endpoint
34 -* save your registration access token for further modify your client
32 +1. get an access token from the `developer` client
33 +1. use the token to call the create endpoint
34 +1. save your registration access token for further modifications of your client
35 35  
36 36  === Fetching your developer access token ===
37 37  
38 38  In order to get your developer token, you need to authenticate against the developer client with the password grant.
39 39  
40 -This can be achieved with this sample bash script:
40 +This can be achieved with this sample shell script:
41 41  
42 42  {{code language="bash"}}
43 43  # Gather username and password from user
44 -echo 'Enter your username' && read clb_dev_username &&
45 -echo 'Enter your password' && read -s clb_dev_pwd &&
44 +echo '\nEnter your username' && read clb_dev_username &&
45 +echo '\nEnter your password' && read -s clb_dev_pwd &&
46 46  
47 47  # Fetch the token
48 48  curl -X POST https://iam.humanbrainproject.eu/auth/realms/hbp/protocol/openid-connect/token \
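Review bot: the new prompts `echo '\nEnter your username'` and `echo '\nEnter your password'` will print a literal `\n` under bash, which is the language the code macro still declares and the shell that `read -s` needs, because bash's builtin `echo` does not interpret backslash escapes unless `-e` is given. `printf '\nEnter your username: '` gives the intended blank line in any shell. The prose change from "bash script" to "shell script" also overstates portability, since `read -s` is not POSIX; either keep "bash" or state the requirement. Adding `-r` to both `read` calls would stop a backslash typed in the password from being consumed.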
... ... @@ -49,7 +49,10 @@
49 49   -u developer: \
50 50   -d 'grant_type=password' \
51 51   -d "username=${clb_dev_username}" \
52 - -d "password=${clb_dev_pwd}"; \
52 + -d "password=${clb_dev_pwd}" |
53 +
54 +# Prettify the JSON response
55 +json_pp;
53 53  
54 54  # Erase the credentials from local variables
55 55  clb_dev_pwd='';clb_dev_username=''
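Review bot: on the changed line `-d "password=${clb_dev_pwd}" |`, piping straight into `json_pp` makes the pipeline's exit status that of `json_pp`, and curl runs without `-sS` or `--fail`, so a failed request surfaces only as a JSON parse error or an error document mixed with the progress meter. The same line sends the password with `-d`, which does no URL-encoding, so a password containing `&`, `+` or `%` reaches the server altered; `--data-urlencode "password=${clb_dev_pwd}"` (and likewise for the username) fixes that. The password is also expanded onto curl's command line, where other local users can see it in the process list while the request runs, which is worth a sentence in the page. For the cleanup line, `unset clb_dev_pwd clb_dev_username` is cleaner than assigning empty strings.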
... ... @@ -71,3 +71,91 @@
71 71  {{/code}}
72 72  
73 73  Copy the "access_token" value, it is the one that will be needed for the next step.
77 +
78 +=== Creating the client ===
79 +
80 +With your developer token, you can now create clients by sending a JSON representation to a specific endpoint:
81 +
82 +{{code language="bash"}}
83 +# Set your developer token
84 +clb_dev_token=...
85 +
86 +# Send the creation request
87 +curl -X POST https://iam.humanbrainproject.eu/auth/realms/hbp/clients-registrations/default/ \
88 + -H "Authorization: Bearer ${clb_dev_token}" \
89 + -H 'Content-Type: application/json' \
90 + -d '{
91 + "clientId": "my-awesome-client",
92 + "name": "My Awesome App",
93 + "description": "This describes what my app is for end users",
94 + "rootUrl": "https://root.url.of.my.app",
95 + "baseUrl": "/relative/path/to/its/frontpage.html",
96 + "redirectUris": [
97 + "/relative/redirect/path",
98 + "/these/can/use/wildcards/*"
99 + ],
100 + "webOrigins": ["+"],
101 + "bearerOnly": false,
102 + "consentRequired": true,
103 + "standardFlowEnabled": true,
104 + "implicitFlowEnabled": true,
105 + "directAccessGrantsEnabled": false,
106 + "attributes": {
107 + "contacts": "first.contact@example.com; second.contact@example.com"
108 + }
109 + }' |
110 +
111 +# Prettify the JSON response
112 +json_pp;
113 +{{/code}}
114 +
115 +In case of success, the endpoint will return its representation of your client:
116 +
117 +{{code language="json"}}
118 +{
119 + "defaultClientScopes" : [
120 + "web-origins",
121 + "roles"
122 + ],
123 + "redirectUris" : [
124 + "/relative/redirect/path",
125 + "/these/can/use/wildcards/*"
126 + ],
127 + "nodeReRegistrationTimeout" : -1,
128 + "rootUrl" : "https://root.url.of.my.app",
129 + "webOrigins" : [
130 + "+"
131 + ],
132 + "authenticationFlowBindingOverrides" : {},
133 + "baseUrl" : "/relative/path/to/its/frontpage.html",
134 + "description" : "This describes what my app is for end users",
135 + "notBefore" : 0,
136 + "frontchannelLogout" : false,
137 + "enabled" : true,
138 + "registrationAccessToken" : "eyJhbGciOi...",
139 + "consentRequired" : true,
140 + "fullScopeAllowed" : false,
141 + "clientAuthenticatorType" : "client-secret",
142 + "surrogateAuthRequired" : false,
143 + "directAccessGrantsEnabled" : false,
144 + "standardFlowEnabled" : true,
145 + "id" : "551b49a0-ec69-41af-9461-6c10fbc79a35",
146 + "attributes" : {
147 + "contacts" : "first.contact@example.com; second.contact@example.com"
148 + },
149 + "name" : "My Awesome App",
150 + "secret" : "your-client-secret",
151 + "publicClient" : false,
152 + "clientId" : "my-awesome-client",
153 + "optionalClientScopes" : [],
154 + "implicitFlowEnabled" : true,
155 + "protocol" : "openid-connect",
156 + "bearerOnly" : false,
157 + "serviceAccountsEnabled" : false
158 +}
159 +{{/code}}
160 +
161 +Among all the attributes, you should securely save:
162 +
163 +* your client **secret** ("secret" attribute) which is needed by your application to **authenticate to the IAM server** when making backend calls
164 +* your client **registration access token** ("registrationAccessToken")  which is the token you will need to authenticate when **modifying your client in the future**
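Review bot: the sample registration body sets `"implicitFlowEnabled": true` and lists `"/these/can/use/wildcards/*"` under `redirectUris`, and readers will copy it unchanged. The implicit flow returns tokens in the redirect URL, and a wildcard redirect path widens where they can be delivered, so the example would be safer with `"implicitFlowEnabled": false` and exact redirect paths, mentioning both as opt-ins for apps that need them. The closing list tells readers to "securely save" the secret and the registration access token without saying how; one sentence on keeping them out of source control and out of shell history would make that actionable. Along the same line, `clb_dev_token=...` invites pasting the token into shell history, whereas reading it with `read -s`, as the previous section does for the password, would be consistent.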