Warning:  Due to planned infrastructure maintenance, the EBRAINS Wiki and EBRAINS Support system will be unavailable for up to three days starting Monday, 14 July. During this period, both services will be inaccessible, and any emails sent to the support address will not be received.

Attention: We are currently experiencing some issues with the EBRAINS Drive. Please bear with us as we fix this issue. We apologise for any inconvenience caused.


Last modified by bougault on 2022/03/02 11:58
From version 2.2
edited by allan
on 2019/09/19 11:05
Change comment: There is no comment for this version
To version 8.1
edited by allan
on 2019/11/21 16:15
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -1,25 +1,23 @@
1 -The Collaboratory is designed to be extended with applications provided by its community of users.
1 +Developers can extend the Collaboratory capabilities by providing applications to its community of users.
2 2  
3 -This guide describes how developers can contribute by creating and registering applications within the Collaboratory.
3 +This guide describes the steps to make this possible.
4 4  
5 -{{toc numbered="true" start="2"/}}
6 -
7 7  == Becoming a contributor ==
8 8  
9 -The first step is for you to be recognised as a contributor. Contributors can register and manage applications within the Community Apps Catalogue.
7 +The first step is for you to **become a contributor**. Contributors can register and manage applications within the Community Apps Catalogue.
10 10  
11 -To become a contributor, send an email to [[support@humanbrainproject.eu>>mailto:support@humanbrainproject.eu]] with a short summary of your intentions.
9 +Send an email to [[support@humanbrainproject.eu>>mailto:support@humanbrainproject.eu]] with a short summary of your intentions.
12 12  
13 -The support team will apply the permissions to your user and the next time you will login, your account will be upgraded with developers privileges.
11 +The support team will apply the permissions to your user: your account will be upgraded with developers privileges the next time you will login.
14 14  
15 15  (% class="box infomessage" %)
16 16  (((
17 -Please note that, currently, only SGA2 accredited users will be automatically granted the contributor level.
15 +Only SGA2 accredited users will be automatically granted the contributor level.
18 18  )))
19 19  
20 20  == Registering an application in the Catalogue ==
21 21  
22 -The Community Apps Catalogue is the place where collab authors look for applications to add to their collabs.
20 +Collab authors find applications to add to their collabs in the Community Apps Catalogue.
23 23  
24 24  {{error}}
25 25  TODO: describe the steps to register an app in the Catalogue
... ... @@ -29,15 +29,15 @@
29 29  
30 30  The steps to create an OpenID Connect client are the following:
31 31  
32 -* get an access token from the `developer` client
33 -* use the token to call the create endpoint
34 -* save your registration access token for further modifications of your client
30 +1. get an access token from the `developer` client
31 +1. use the token to call the create endpoint
32 +1. save your registration access token for further modifications of your client
35 35  
36 36  === Fetching your developer access token ===
37 37  
38 -In order to get your developer token, you need to authenticate against the developer client with the password grant.
36 +Getting your developer token is done in one simple step: authenticate against the developer client with the password grant.
39 39  
40 -This can be achieved with this sample bash script:
38 +This can be achieved with this sample shell script:
41 41  
42 42  {{code language="bash"}}
43 43  # Gather username and password from user
... ... @@ -73,8 +73,123 @@
73 73  }
74 74  {{/code}}
75 75  
76 -Copy the "access_token" value, it is the one that will be needed for the next step.
74 +Copy the "access_token" value, you will need if for the next step.
77 77  
78 78  === Creating the client ===
79 79  
80 -Clients can be created by sending a JSON representation t
78 +You can now create clients by sending a JSON representation to a specific endpoint:
79 +
80 +{{code language="bash"}}
81 +# Set your developer token
82 +clb_dev_token=...
83 +
84 +# Send the creation request
85 +curl -X POST https://iam.humanbrainproject.eu/auth/realms/hbp/clients-registrations/default/ \
86 + -H "Authorization: Bearer ${clb_dev_token}" \
87 + -H 'Content-Type: application/json' \
88 + -d '{
89 + "clientId": "my-awesome-client",
90 + "name": "My Awesome App",
91 + "description": "This describes what my app is for end users",
92 + "rootUrl": "https://root.url.of.my.app",
93 + "baseUrl": "/relative/path/to/its/frontpage.html",
94 + "redirectUris": [
95 + "/relative/redirect/path",
96 + "/these/can/use/wildcards/*"
97 + ],
98 + "webOrigins": ["+"],
99 + "bearerOnly": false,
100 + "consentRequired": true,
101 + "standardFlowEnabled": true,
102 + "implicitFlowEnabled": true,
103 + "directAccessGrantsEnabled": false,
104 + "attributes": {
105 + "contacts": "first.contact@example.com; second.contact@example.com"
106 + }
107 + }' |
108 +
109 +# Prettify the JSON response
110 +json_pp;
111 +{{/code}}
112 +
113 +In case of success, the endpoint will return its representation of your client:
114 +
115 +{{code language="json"}}
116 +{
117 + "defaultClientScopes" : [
118 + "web-origins",
119 + "roles"
120 + ],
121 + "redirectUris" : [
122 + "/relative/redirect/path",
123 + "/these/can/use/wildcards/*"
124 + ],
125 + "nodeReRegistrationTimeout" : -1,
126 + "rootUrl" : "https://root.url.of.my.app",
127 + "webOrigins" : [
128 + "+"
129 + ],
130 + "authenticationFlowBindingOverrides" : {},
131 + "baseUrl" : "/relative/path/to/its/frontpage.html",
132 + "description" : "This describes what my app is for end users",
133 + "notBefore" : 0,
134 + "frontchannelLogout" : false,
135 + "enabled" : true,
136 + "registrationAccessToken" : "eyJhbGciOi...",
137 + "consentRequired" : true,
138 + "fullScopeAllowed" : false,
139 + "clientAuthenticatorType" : "client-secret",
140 + "surrogateAuthRequired" : false,
141 + "directAccessGrantsEnabled" : false,
142 + "standardFlowEnabled" : true,
143 + "id" : "551b49a0-ec69-41af-9461-6c10fbc79a35",
144 + "attributes" : {
145 + "contacts" : "first.contact@example.com; second.contact@example.com"
146 + },
147 + "name" : "My Awesome App",
148 + "secret" : "your-client-secret",
149 + "publicClient" : false,
150 + "clientId" : "my-awesome-client",
151 + "optionalClientScopes" : [],
152 + "implicitFlowEnabled" : true,
153 + "protocol" : "openid-connect",
154 + "bearerOnly" : false,
155 + "serviceAccountsEnabled" : false
156 +}
157 +{{/code}}
158 +
159 +Among all the attributes, you should securely save:
160 +
161 +* your client **secret** ("secret" attribute): it is needed by your application to **authenticate to the IAM server** when making backend calls
162 +* your client **registration access token** ("registrationAccessToken"): you will need it to authenticate when **modifying your client in the future**
163 +
164 +=== Modifying your client ===
165 +
166 +Update your client with a PUT request:
167 +
168 +{{code language="bash"}}
169 +# Set your registration token and client id
170 +clb_reg_token=...
171 +
172 +# Update the client
173 +curl -X PUT https://iam.humanbrainproject.eu/auth/realms/hbp/clients-registrations/default/my-awesome-client \
174 + -H "Authorization: Bearer ${clb_reg_token}" \
175 + -H 'Content-Type: application/json' \
176 + -d '{
177 + "clientId": "my-awesome-client",
178 + "redirectUris": [
179 + "/relative/redirect/path",
180 + "/these/can/use/wildcards/*",
181 + "/a/new/redirect/uri"
182 + ]
183 + }' |
184 +
185 +# Prettify the JSON response
186 +json_pp;
187 +{{/code}}
188 +
189 + Note that your need to provide your client id both in the endpoint URL and within the body of the request.
190 +
191 +{{warning}}
192 +/!\ ** Each time you modify your client, a new registration access token will be generated. You need to track of your token changes to keep access to your client.   **/!\
193 +{{/warning}}
XWiki.DocumentSheetBinding[0]
Sheet
... ... @@ -1,0 +1,1 @@
1 +Collaboratory.Apps.Article.Code.ArticleViewSheet
XWiki.DocumentSheetBinding[1]
Sheet
... ... @@ -1,0 +1,1 @@
1 +Collaboratory.Apps.Article.Code.ArticlePreviewSheet