Last modified by bougault on 2022/03/02 11:58
From version 2.2
edited by allan
on 2019/09/19 11:05
Change comment: There is no comment for this version
To version 8.1
edited by allan
on 2019/11/21 16:15
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -1,25 +1,23 @@
1 -The Collaboratory is designed to be extended with applications provided by its community of users.
1 +Developers can extend the Collaboratory capabilities by providing applications to its community of users.
2 2  
3 -This guide describes how developers can contribute by creating and registering applications within the Collaboratory.
3 +This guide describes the steps to make this possible.
4 4  
5 -{{toc numbered="true" start="2"/}}
6 -
7 7  == Becoming a contributor ==
8 8  
9 -The first step is for you to be recognised as a contributor. Contributors can register and manage applications within the Community Apps Catalogue.
7 +The first step is for you to **become a contributor**. Contributors can register and manage applications within the Community Apps Catalogue.
10 10  
11 -To become a contributor, send an email to [[support@humanbrainproject.eu>>mailto:support@humanbrainproject.eu]] with a short summary of your intentions.
9 +Send an email to [[support@humanbrainproject.eu>>mailto:support@humanbrainproject.eu]] with a short summary of your intentions.
12 12  
13 -The support team will apply the permissions to your user and the next time you will login, your account will be upgraded with developers privileges.
11 +The support team will apply the permissions to your user: your account will be upgraded with developers privileges the next time you will login.
14 14  
15 15  (% class="box infomessage" %)
16 16  (((
17 -Please note that, currently, only SGA2 accredited users will be automatically granted the contributor level.
15 +Only SGA2 accredited users will be automatically granted the contributor level.
18 18  )))
19 19  
20 20  == Registering an application in the Catalogue ==
21 21  
22 -The Community Apps Catalogue is the place where collab authors look for applications to add to their collabs.
20 +Collab authors find applications to add to their collabs in the Community Apps Catalogue.
23 23  
24 24  {{error}}
25 25  TODO: describe the steps to register an app in the Catalogue
... ... @@ -29,15 +29,15 @@
29 29  
30 30  The steps to create an OpenID Connect client are the following:
31 31  
32 -* get an access token from the `developer` client
33 -* use the token to call the create endpoint
34 -* save your registration access token for further modifications of your client
30 +1. get an access token from the `developer` client
31 +1. use the token to call the create endpoint
32 +1. save your registration access token for further modifications of your client
35 35  
36 36  === Fetching your developer access token ===
37 37  
38 -In order to get your developer token, you need to authenticate against the developer client with the password grant.
36 +Getting your developer token is done in one simple step: authenticate against the developer client with the password grant.
39 39  
40 -This can be achieved with this sample bash script:
38 +This can be achieved with this sample shell script:
41 41  
42 42  {{code language="bash"}}
43 43  # Gather username and password from user
... ... @@ -73,8 +73,123 @@
73 73  }
74 74  {{/code}}
75 75  
76 -Copy the "access_token" value, it is the one that will be needed for the next step.
74 +Copy the "access_token" value, you will need if for the next step.
77 77  
78 78  === Creating the client ===
79 79  
80 -Clients can be created by sending a JSON representation t
78 +You can now create clients by sending a JSON representation to a specific endpoint:
79 +
80 +{{code language="bash"}}
81 +# Set your developer token
82 +clb_dev_token=...
83 +
84 +# Send the creation request
85 +curl -X POST https://iam.humanbrainproject.eu/auth/realms/hbp/clients-registrations/default/ \
86 + -H "Authorization: Bearer ${clb_dev_token}" \
87 + -H 'Content-Type: application/json' \
88 + -d '{
89 + "clientId": "my-awesome-client",
90 + "name": "My Awesome App",
91 + "description": "This describes what my app is for end users",
92 + "rootUrl": "https://root.url.of.my.app",
93 + "baseUrl": "/relative/path/to/its/frontpage.html",
94 + "redirectUris": [
95 + "/relative/redirect/path",
96 + "/these/can/use/wildcards/*"
97 + ],
98 + "webOrigins": ["+"],
99 + "bearerOnly": false,
100 + "consentRequired": true,
101 + "standardFlowEnabled": true,
102 + "implicitFlowEnabled": true,
103 + "directAccessGrantsEnabled": false,
104 + "attributes": {
105 + "contacts": "first.contact@example.com; second.contact@example.com"
106 + }
107 + }' |
108 +
109 +# Prettify the JSON response
110 +json_pp;
111 +{{/code}}
112 +
113 +In case of success, the endpoint will return its representation of your client:
114 +
115 +{{code language="json"}}
116 +{
117 + "defaultClientScopes" : [
118 + "web-origins",
119 + "roles"
120 + ],
121 + "redirectUris" : [
122 + "/relative/redirect/path",
123 + "/these/can/use/wildcards/*"
124 + ],
125 + "nodeReRegistrationTimeout" : -1,
126 + "rootUrl" : "https://root.url.of.my.app",
127 + "webOrigins" : [
128 + "+"
129 + ],
130 + "authenticationFlowBindingOverrides" : {},
131 + "baseUrl" : "/relative/path/to/its/frontpage.html",
132 + "description" : "This describes what my app is for end users",
133 + "notBefore" : 0,
134 + "frontchannelLogout" : false,
135 + "enabled" : true,
136 + "registrationAccessToken" : "eyJhbGciOi...",
137 + "consentRequired" : true,
138 + "fullScopeAllowed" : false,
139 + "clientAuthenticatorType" : "client-secret",
140 + "surrogateAuthRequired" : false,
141 + "directAccessGrantsEnabled" : false,
142 + "standardFlowEnabled" : true,
143 + "id" : "551b49a0-ec69-41af-9461-6c10fbc79a35",
144 + "attributes" : {
145 + "contacts" : "first.contact@example.com; second.contact@example.com"
146 + },
147 + "name" : "My Awesome App",
148 + "secret" : "your-client-secret",
149 + "publicClient" : false,
150 + "clientId" : "my-awesome-client",
151 + "optionalClientScopes" : [],
152 + "implicitFlowEnabled" : true,
153 + "protocol" : "openid-connect",
154 + "bearerOnly" : false,
155 + "serviceAccountsEnabled" : false
156 +}
157 +{{/code}}
158 +
159 +Among all the attributes, you should securely save:
160 +
161 +* your client **secret** ("secret" attribute): it is needed by your application to **authenticate to the IAM server** when making backend calls
162 +* your client **registration access token** ("registrationAccessToken"): you will need it to authenticate when **modifying your client in the future**
163 +
164 +=== Modifying your client ===
165 +
166 +Update your client with a PUT request:
167 +
168 +{{code language="bash"}}
169 +# Set your registration token and client id
170 +clb_reg_token=...
171 +
172 +# Update the client
173 +curl -X PUT https://iam.humanbrainproject.eu/auth/realms/hbp/clients-registrations/default/my-awesome-client \
174 + -H "Authorization: Bearer ${clb_reg_token}" \
175 + -H 'Content-Type: application/json' \
176 + -d '{
177 + "clientId": "my-awesome-client",
178 + "redirectUris": [
179 + "/relative/redirect/path",
180 + "/these/can/use/wildcards/*",
181 + "/a/new/redirect/uri"
182 + ]
183 + }' |
184 +
185 +# Prettify the JSON response
186 +json_pp;
187 +{{/code}}
188 +
189 + Note that your need to provide your client id both in the endpoint URL and within the body of the request.
190 +
191 +{{warning}}
192 +/!\ ** Each time you modify your client, a new registration access token will be generated. You need to track of your token changes to keep access to your client.   **/!\
193 +{{/warning}}
XWiki.DocumentSheetBinding[0]
Sheet
... ... @@ -1,0 +1,1 @@
1 +Collaboratory.Apps.Article.Code.ArticleViewSheet
XWiki.DocumentSheetBinding[1]
Sheet
... ... @@ -1,0 +1,1 @@
1 +Collaboratory.Apps.Article.Code.ArticlePreviewSheet