Warning:  Due to planned infrastructure maintenance, the EBRAINS Wiki and EBRAINS Support system will be unavailable for up to three days starting Monday, 14 July. During this period, both services will be inaccessible, and any emails sent to the support address will not be received.

Attention: We are currently experiencing some issues with the EBRAINS Drive. Please bear with us as we fix this issue. We apologise for any inconvenience caused.


Last modified by bougault on 2022/03/02 11:58
From version 2.2
edited by allan
on 2019/09/19 11:05
Change comment: There is no comment for this version
To version 3.1
edited by allan
on 2019/09/19 11:16
Change comment: Creating the client

Summary

Details

Page properties
Content
... ... @@ -77,4 +77,88 @@
77 77  
78 78  === Creating the client ===
79 79  
80 -Clients can be created by sending a JSON representation t
80 +Clients can be created by sending a JSON representation to a specific endpoint:
81 +
82 +{{code language="bash"}}
83 +# Set your developer token
84 +clb_dev_token=...
85 +
86 +# Send the creation request
87 +curl -X POST https://iam.humanbrainproject.eu/auth/realms/hbp/clients-registrations/default/ \
88 + -H "Authorization: Bearer ${clb_dev_token}" \
89 + -H 'Content-Type: application/json' \
90 + -d '{
91 + "clientId": "my-awesome-client",
92 + "name": "My Awesome App",
93 + "description": "This describes what my app is for end users",
94 + "rootUrl": "https://root.url.of.my.app",
95 + "baseUrl": "/relative/path/to/its/frontpage.html",
96 + "redirectUris": [
97 + "/relative/redirect/path",
98 + "/these/can/use/wildcards/*"
99 + ],
100 + "webOrigins": ["+"],
101 + "bearerOnly": false,
102 + "consentRequired": true,
103 + "standardFlowEnabled": true,
104 + "implicitFlowEnabled": true,
105 + "directAccessGrantsEnabled": false,
106 + "attributes": {
107 + "contacts": "first.contact@example.com; second.contact@example.com"
108 + }
109 + }' |
110 +
111 +# Prettify the JSON response
112 +json_pp;
113 +{{/code}}
114 +
115 +In case of success, the endpoint will return its representation of your client:
116 +
117 +{{code language="json"}}
118 +{
119 + "defaultClientScopes" : [
120 + "web-origins",
121 + "roles"
122 + ],
123 + "redirectUris" : [
124 + "/relative/redirect/path",
125 + "/these/can/use/wildcards/*"
126 + ],
127 + "nodeReRegistrationTimeout" : -1,
128 + "rootUrl" : "https://root.url.of.my.app",
129 + "webOrigins" : [
130 + "+"
131 + ],
132 + "authenticationFlowBindingOverrides" : {},
133 + "baseUrl" : "/relative/path/to/its/frontpage.html",
134 + "description" : "This describes what my app is for end users",
135 + "notBefore" : 0,
136 + "frontchannelLogout" : false,
137 + "enabled" : true,
138 + "registrationAccessToken" : "eyJhbGciOi...",
139 + "consentRequired" : true,
140 + "fullScopeAllowed" : false,
141 + "clientAuthenticatorType" : "client-secret",
142 + "surrogateAuthRequired" : false,
143 + "directAccessGrantsEnabled" : false,
144 + "standardFlowEnabled" : true,
145 + "id" : "551b49a0-ec69-41af-9461-6c10fbc79a35",
146 + "attributes" : {
147 + "contacts" : "first.contact@example.com; second.contact@example.com"
148 + },
149 + "name" : "My Awesome App",
150 + "secret" : "your-client-secret",
151 + "publicClient" : false,
152 + "clientId" : "my-awesome-client",
153 + "optionalClientScopes" : [],
154 + "implicitFlowEnabled" : true,
155 + "protocol" : "openid-connect",
156 + "bearerOnly" : false,
157 + "serviceAccountsEnabled" : false
158 +}
159 +{{/code}}
160 +
161 +Among all the attributes, you should securely save:
162 +
163 +* your client secret ("secret" attribute) which is needed by your application to authenticate to the IAM server when making backend calls
164 +* your client registration access token ("registrationAccessToken")  which is the token you will need to authenticate when modifying your client in the future