Last modified by bougault on 2022/03/02 11:58

From version 3.1
edited by allan
on 2019/09/19 11:16
Change comment: Creating the client
To version 2.1
edited by allan
on 2019/09/18 15:51
Change comment: Fetching your developer access token

Details

Page properties
Content
... ... @@ -31,7 +31,7 @@
31 31  
32 32  * get an access token from the `developer` client
33 33  * use the token to call the create endpoint
34 -* save your registration access token for further modifications of your client
34 +* save your registration access token for further modify your client
35 35  
36 36  === Fetching your developer access token ===
37 37  
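Review bot: The replacement bullet on line 34, `save your registration access token for further modify your client`, is ungrammatical, while the line it replaces reads correctly. Keep `for further modifications of your client`, or reword to `so that you can modify your client later`.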
... ... @@ -41,8 +41,8 @@
41 41  
42 42  {{code language="bash"}}
43 43  # Gather username and password from user
44 -echo '\nEnter your username' && read clb_dev_username &&
45 -echo '\nEnter your password' && read -s clb_dev_pwd &&
44 +echo 'Enter your username' && read clb_dev_username &&
45 +echo 'Enter your password' && read -s clb_dev_pwd &&
46 46  
47 47  # Fetch the token
48 48  curl -X POST https://iam.humanbrainproject.eu/auth/realms/hbp/protocol/openid-connect/token \
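Review bot: Both `read` calls on lines 44 and 45 lack `-r`, so a backslash in the username or password is consumed as an escape character and the value posted to the token endpoint no longer matches what the user typed. Use `read -r clb_dev_username` and `read -rs clb_dev_pwd`. Dropping the `\n` from the prompts is fine, since bash's `echo` prints it literally without `-e`; because `read -s` does not echo the newline the user types, a bare `echo` after it would keep the curl output off the prompt line.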
... ... @@ -49,10 +49,7 @@
49 49   -u developer: \
50 50   -d 'grant_type=password' \
51 51   -d "username=${clb_dev_username}" \
52 - -d "password=${clb_dev_pwd}" |
53 -
54 -# Prettify the JSON response
55 -json_pp;
52 + -d "password=${clb_dev_pwd}"; \
56 56  
57 57  # Erase the credentials from local variables
58 58  clb_dev_pwd='';clb_dev_username=''
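Review bot: The new line 52, `-d "password=${clb_dev_pwd}"; \`, ends in a stray `; \` that serves no purpose now that the pipe to `json_pp` is gone; end the command at the closing quote. The same line, and the `username` line above it, send the value with `-d`, which does not URL-encode, so a password containing `&`, `+` or `%` is altered in the form body; `--data-urlencode "password=${clb_dev_pwd}"` avoids that. On line 58, `unset clb_dev_pwd clb_dev_username` would remove the variables rather than leave them defined as empty strings.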
... ... @@ -74,91 +74,3 @@
74 74  {{/code}}
75 75  
76 76  Copy the "access_token" value, it is the one that will be needed for the next step.
77 -
78 -=== Creating the client ===
79 -
80 -Clients can be created by sending a JSON representation to a specific endpoint:
81 -
82 -{{code language="bash"}}
83 -# Set your developer token
84 -clb_dev_token=...
85 -
86 -# Send the creation request
87 -curl -X POST https://iam.humanbrainproject.eu/auth/realms/hbp/clients-registrations/default/ \
88 - -H "Authorization: Bearer ${clb_dev_token}" \
89 - -H 'Content-Type: application/json' \
90 - -d '{
91 - "clientId": "my-awesome-client",
92 - "name": "My Awesome App",
93 - "description": "This describes what my app is for end users",
94 - "rootUrl": "https://root.url.of.my.app",
95 - "baseUrl": "/relative/path/to/its/frontpage.html",
96 - "redirectUris": [
97 - "/relative/redirect/path",
98 - "/these/can/use/wildcards/*"
99 - ],
100 - "webOrigins": ["+"],
101 - "bearerOnly": false,
102 - "consentRequired": true,
103 - "standardFlowEnabled": true,
104 - "implicitFlowEnabled": true,
105 - "directAccessGrantsEnabled": false,
106 - "attributes": {
107 - "contacts": "first.contact@example.com; second.contact@example.com"
108 - }
109 - }' |
110 -
111 -# Prettify the JSON response
112 -json_pp;
113 -{{/code}}
114 -
115 -In case of success, the endpoint will return its representation of your client:
116 -
117 -{{code language="json"}}
118 -{
119 - "defaultClientScopes" : [
120 - "web-origins",
121 - "roles"
122 - ],
123 - "redirectUris" : [
124 - "/relative/redirect/path",
125 - "/these/can/use/wildcards/*"
126 - ],
127 - "nodeReRegistrationTimeout" : -1,
128 - "rootUrl" : "https://root.url.of.my.app",
129 - "webOrigins" : [
130 - "+"
131 - ],
132 - "authenticationFlowBindingOverrides" : {},
133 - "baseUrl" : "/relative/path/to/its/frontpage.html",
134 - "description" : "This describes what my app is for end users",
135 - "notBefore" : 0,
136 - "frontchannelLogout" : false,
137 - "enabled" : true,
138 - "registrationAccessToken" : "eyJhbGciOi...",
139 - "consentRequired" : true,
140 - "fullScopeAllowed" : false,
141 - "clientAuthenticatorType" : "client-secret",
142 - "surrogateAuthRequired" : false,
143 - "directAccessGrantsEnabled" : false,
144 - "standardFlowEnabled" : true,
145 - "id" : "551b49a0-ec69-41af-9461-6c10fbc79a35",
146 - "attributes" : {
147 - "contacts" : "first.contact@example.com; second.contact@example.com"
148 - },
149 - "name" : "My Awesome App",
150 - "secret" : "your-client-secret",
151 - "publicClient" : false,
152 - "clientId" : "my-awesome-client",
153 - "optionalClientScopes" : [],
154 - "implicitFlowEnabled" : true,
155 - "protocol" : "openid-connect",
156 - "bearerOnly" : false,
157 - "serviceAccountsEnabled" : false
158 -}
159 -{{/code}}
160 -
161 -Among all the attributes, you should securely save:
162 -
163 -* your client secret ("secret" attribute) which is needed by your application to authenticate to the IAM server when making backend calls
164 -* your client registration access token ("registrationAccessToken")  which is the token you will need to authenticate when modifying your client in the future
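Review bot: In the example client JSON, `"implicitFlowEnabled": true` (line 104) together with the wildcard entry `"/these/can/use/wildcards/*"` in `redirectUris` (line 98) is a permissive combination that readers will copy as-is: the implicit flow returns tokens in the redirect URL, and a wildcard widens the set of URLs that can receive them. Suggest `"implicitFlowEnabled": false` in the sample, since `standardFlowEnabled` is already true, plus a sentence advising exact redirect paths where possible. Separately, because the comparison runs from version 3.1 to 2.1, these `-` lines are what 3.1 contains; without them, the steps "use the token to call the create endpoint" and "save your registration access token" in the list at lines 33 and 34 have no instructions behind them.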