Attention: The EBRAINS drive will be unavailable for most of the weekend starting the 25th October. Although the Lab is availble while the Drive is down, files that are stored in the Drive will not be loaded and you will be unable to save documents directly on the Lab.


Last modified by bougault on 2022/03/02 11:58
From version 2.2
edited by allan
on 2019/09/19 11:05
Change comment: There is no comment for this version
To version 3.1
edited by allan
on 2019/09/19 11:16
Change comment: Creating the client

Summary

Details

Page properties
Content
... ... @@ -77,4 +77,88 @@
77 77  
78 78  === Creating the client ===
79 79  
80 -Clients can be created by sending a JSON representation t
80 +Clients can be created by sending a JSON representation to a specific endpoint:
81 +
82 +{{code language="bash"}}
83 +# Set your developer token
84 +clb_dev_token=...
85 +
86 +# Send the creation request
87 +curl -X POST https://iam.humanbrainproject.eu/auth/realms/hbp/clients-registrations/default/ \
88 + -H "Authorization: Bearer ${clb_dev_token}" \
89 + -H 'Content-Type: application/json' \
90 + -d '{
91 + "clientId": "my-awesome-client",
92 + "name": "My Awesome App",
93 + "description": "This describes what my app is for end users",
94 + "rootUrl": "https://root.url.of.my.app",
95 + "baseUrl": "/relative/path/to/its/frontpage.html",
96 + "redirectUris": [
97 + "/relative/redirect/path",
98 + "/these/can/use/wildcards/*"
99 + ],
100 + "webOrigins": ["+"],
101 + "bearerOnly": false,
102 + "consentRequired": true,
103 + "standardFlowEnabled": true,
104 + "implicitFlowEnabled": true,
105 + "directAccessGrantsEnabled": false,
106 + "attributes": {
107 + "contacts": "first.contact@example.com; second.contact@example.com"
108 + }
109 + }' |
110 +
111 +# Prettify the JSON response
112 +json_pp;
113 +{{/code}}
114 +
115 +In case of success, the endpoint will return its representation of your client:
116 +
117 +{{code language="json"}}
118 +{
119 + "defaultClientScopes" : [
120 + "web-origins",
121 + "roles"
122 + ],
123 + "redirectUris" : [
124 + "/relative/redirect/path",
125 + "/these/can/use/wildcards/*"
126 + ],
127 + "nodeReRegistrationTimeout" : -1,
128 + "rootUrl" : "https://root.url.of.my.app",
129 + "webOrigins" : [
130 + "+"
131 + ],
132 + "authenticationFlowBindingOverrides" : {},
133 + "baseUrl" : "/relative/path/to/its/frontpage.html",
134 + "description" : "This describes what my app is for end users",
135 + "notBefore" : 0,
136 + "frontchannelLogout" : false,
137 + "enabled" : true,
138 + "registrationAccessToken" : "eyJhbGciOi...",
139 + "consentRequired" : true,
140 + "fullScopeAllowed" : false,
141 + "clientAuthenticatorType" : "client-secret",
142 + "surrogateAuthRequired" : false,
143 + "directAccessGrantsEnabled" : false,
144 + "standardFlowEnabled" : true,
145 + "id" : "551b49a0-ec69-41af-9461-6c10fbc79a35",
146 + "attributes" : {
147 + "contacts" : "first.contact@example.com; second.contact@example.com"
148 + },
149 + "name" : "My Awesome App",
150 + "secret" : "your-client-secret",
151 + "publicClient" : false,
152 + "clientId" : "my-awesome-client",
153 + "optionalClientScopes" : [],
154 + "implicitFlowEnabled" : true,
155 + "protocol" : "openid-connect",
156 + "bearerOnly" : false,
157 + "serviceAccountsEnabled" : false
158 +}
159 +{{/code}}
160 +
161 +Among all the attributes, you should securely save:
162 +
163 +* your client secret ("secret" attribute) which is needed by your application to authenticate to the IAM server when making backend calls
164 +* your client registration access token ("registrationAccessToken")  which is the token you will need to authenticate when modifying your client in the future