Last modified by bougault on 2022/03/02 11:58
From version 8.2
edited by allan
on 2019/11/25 14:29
Change comment: Update document after refactoring.
To version 33.1
edited by bougault
on 2020/09/03 11:14
Change comment: There is no comment for this version

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.allan
1 +XWiki.bougault
Content
... ... @@ -4,190 +4,99 @@
4 4  
5 5  == Becoming a contributor ==
6 6  
7 -The first step is for you to **become a contributor**. Contributors can register and manage applications within the Community Apps Catalogue.
7 +The first step is for you to **get the developer accreditation**. Contributors can register and manage apps within the Community Apps Catalogue.
8 8  
9 -Send an email to [[support@humanbrainproject.eu>>mailto:support@humanbrainproject.eu]] with a short summary of your intentions.
9 +Send an email to [[support@ebrains.eu>>mailto:support@ebrains.eu]] with a short motivation for your request.
10 10  
11 -The support team will apply the permissions to your user: your account will be upgraded with developers privileges the next time you will login.
11 +The support team will apply the permissions to your user. Your account will be [[upgraded with developer privileges>>doc:Collabs.collab-devs.collaboratory-v2.keycloak.user administration.WebHome]] the next time you login.
12 12  
13 13  (% class="box infomessage" %)
14 14  (((
15 -Only SGA2 accredited users will be automatically granted the contributor level.
15 +Only SGA3 accredited users will be automatically granted the developer accreditation.
16 16  )))
17 17  
18 -== Registering an application in the Catalogue ==
18 +== Making your app available to users ==
19 19  
20 -Collab authors find applications to add to their collabs in the Community Apps Catalogue.
20 +In order for users to install your app, it needs to be registered in the [[Community Apps Catalogue>>doc:Apps.WebHome]].
21 21  
22 -{{error}}
23 -TODO: describe the steps to register an app in the Catalogue
24 -{{/error}}
22 +If you are dealing with private data, or your users need to be authenticated, see [[authentication and authorization in the Collaboratory.>>doc:Collabs.the-collaboratory.Technical documentation.Architecture.Permissions.Authentication & Authorisation using OIDC.WebHome]]
25 25  
26 -== Creating your OpenID Connect client ==
24 +=== Registering an application in the Catalogue ===
27 27  
28 -The steps to create an OpenID Connect client are the following:
26 +Navigate to the catalogue and click on **+Create App** in the top right corner. Enter a name for your app and click on **Create**.
29 29  
30 -1. get an access token from the `developer` client
31 -1. use the token to call the create endpoint
32 -1. save your registration access token for further modifications of your client
28 +Fill the form with the following information:
33 33  
34 -=== Fetching your developer access token ===
30 +* **main URL**: the URL of the homepage of your app. This is where the users will be directed when they open your app in a collab.
31 +* **settings URL**: the URL of your app's settings management page, if there is one.
32 +* **description**: a description of what your app does. This helps users choose the apps they install.
33 +* **under development?**: if checked, your app will not be available to other users.
34 +* **category**: a category to help structure the list of apps.
35 +* **maintainers**: a list of users who maintain the app. The users need to have logged in the wiki at least once to appear on the list. Maintainers are granted the right to modify the app's registration.
36 +* **documentation URL**: if your app has online user documentation, a link will be provided to users when they use your app.
37 +* **repository**: a URL to a public repository so users can access the source code of your app.
35 35  
36 -Getting your developer token is done in one simple step: authenticate against the developer client with the password grant.
39 +Click on **Save**. Your app is now registered and waiting for users to install it!
37 37  
38 -This can be achieved with this sample shell script:
41 +=== Installing your app in a collab ===
39 39  
40 -{{code language="bash"}}
41 -# Gather username and password from user
42 -echo '\nEnter your username' && read clb_dev_username &&
43 -echo '\nEnter your password' && read -s clb_dev_pwd &&
43 +1. In order to install your app, you need to navigate to a collab where you have either the **editor** or **admin** role.
44 +1. Click on **Create** at the top right to create a new entry in the navigation pane under the current wiki page. Enter a title for this instance of your app and select **Community App** in the right selector.
45 +1. Click on **Create**. You will be presented with the Community App Catalogue. The apps you will see are the public apps and the ones for which you are a maintainer.
46 +1. Select your app and click on **Save and View**.
44 44  
45 -# Fetch the token
46 -curl -X POST https://iam.humanbrainproject.eu/auth/realms/hbp/protocol/openid-connect/token \
47 - -u developer: \
48 - -d 'grant_type=password' \
49 - -d "username=${clb_dev_username}" \
50 - -d "password=${clb_dev_pwd}" |
51 -
52 -# Prettify the JSON response
53 -json_pp;
48 +You should now see your app in your collab just as other users will see it.
54 54  
55 -# Erase the credentials from local variables
56 -clb_dev_pwd='';clb_dev_username=''
57 -{{/code}}
50 +== Getting your app instance context ==
58 58  
59 -The response will be similar to:
52 +Instances of your apps will be installed by collab owners in many different collabs. In order to let you customise the user experience based on its context, the Collaboratory will automatically pass query parameters to your app:
60 60  
61 -{{code language="json"}}
62 -{
63 - "access_token": "eyJhbGci...",
64 - "expires_in": 108000,
65 - "refresh_expires_in": 14400,
66 - "refresh_token": "eyJhbGci...",
67 - "token_type": "bearer",
68 - "not-before-policy": 1563261088,
69 - "session_state": "0ac3dfcd-aa5e-42eb-b333-2f73496b81f8",
70 - "scope": ""
71 -}
72 -{{/code}}
54 +* **##clb-collab-id##**: the unique, human-readable identifier of the collab.
55 +* ##**clb-doc-path**##: the (relative) path to your app instance within the collab. If your app is at the root of a collab, this value will be empty.
56 +* ##**clb-doc-name**##: the name of the document where your app instance is installed.
57 +* ##**clb-drive-id**##: the unique identifier of the drive of the collab. This id is required if you want to fetch or store documents within the drive of the collab.
73 73  
74 -Copy the "access_token" value, you will need if for the next step.
59 +== App settings ==
75 75  
76 -=== Creating the client ===
61 +The app settings are the values the collab owners can modify to change the behaviour of your app within their collabs.
77 77  
78 -You can now create clients by sending a JSON representation to a specific endpoint:
63 +=== Writing settings ===
79 79  
80 -{{code language="bash"}}
81 -# Set your developer token
82 -clb_dev_token=...
65 +The Collaboratory comes with a mechanism to let your app store its settings directly in the Collaboratory.
83 83  
84 -# Send the creation request
85 -curl -X POST https://iam.humanbrainproject.eu/auth/realms/hbp/clients-registrations/default/ \
86 - -H "Authorization: Bearer ${clb_dev_token}" \
87 - -H 'Content-Type: application/json' \
88 - -d '{
89 - "clientId": "my-awesome-client",
90 - "name": "My Awesome App",
91 - "description": "This describes what my app is for end users",
92 - "rootUrl": "https://root.url.of.my.app",
93 - "baseUrl": "/relative/path/to/its/frontpage.html",
94 - "redirectUris": [
95 - "/relative/redirect/path",
96 - "/these/can/use/wildcards/*"
97 - ],
98 - "webOrigins": ["+"],
99 - "bearerOnly": false,
100 - "consentRequired": true,
101 - "standardFlowEnabled": true,
102 - "implicitFlowEnabled": true,
103 - "directAccessGrantsEnabled": false,
104 - "attributes": {
105 - "contacts": "first.contact@example.com; second.contact@example.com"
106 - }
107 - }' |
67 +In order to do that, your app needs to use the [[postMessage javascript API>>https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage]] to send the settings to be stored in the Collaboratory. The settings are key/value pairs as in the example below.
108 108  
109 -# Prettify the JSON response
110 -json_pp;
69 +{{code language="javascript"}}
70 +window.parent.postMessage({
71 + topic: '/clb/community-app/settings',
72 + data: {
73 + setting1: 'setting 1 value',
74 + setting2: 'setting 2 value',
75 + // ...
76 + // reload: false // avoid page reload on settings change
77 + }}, 'https://wiki.ebrains.eu');
111 111  {{/code}}
112 112  
113 -In case of success, the endpoint will return its representation of your client:
80 +=== Reading settings ===
114 114  
115 -{{code language="json"}}
116 -{
117 - "defaultClientScopes" : [
118 - "web-origins",
119 - "roles"
120 - ],
121 - "redirectUris" : [
122 - "/relative/redirect/path",
123 - "/these/can/use/wildcards/*"
124 - ],
125 - "nodeReRegistrationTimeout" : -1,
126 - "rootUrl" : "https://root.url.of.my.app",
127 - "webOrigins" : [
128 - "+"
129 - ],
130 - "authenticationFlowBindingOverrides" : {},
131 - "baseUrl" : "/relative/path/to/its/frontpage.html",
132 - "description" : "This describes what my app is for end users",
133 - "notBefore" : 0,
134 - "frontchannelLogout" : false,
135 - "enabled" : true,
136 - "registrationAccessToken" : "eyJhbGciOi...",
137 - "consentRequired" : true,
138 - "fullScopeAllowed" : false,
139 - "clientAuthenticatorType" : "client-secret",
140 - "surrogateAuthRequired" : false,
141 - "directAccessGrantsEnabled" : false,
142 - "standardFlowEnabled" : true,
143 - "id" : "551b49a0-ec69-41af-9461-6c10fbc79a35",
144 - "attributes" : {
145 - "contacts" : "first.contact@example.com; second.contact@example.com"
146 - },
147 - "name" : "My Awesome App",
148 - "secret" : "your-client-secret",
149 - "publicClient" : false,
150 - "clientId" : "my-awesome-client",
151 - "optionalClientScopes" : [],
152 - "implicitFlowEnabled" : true,
153 - "protocol" : "openid-connect",
154 - "bearerOnly" : false,
155 - "serviceAccountsEnabled" : false
156 -}
157 -{{/code}}
82 +The Collaboratory will get the settings from its key/value store and pass them to your app through query parameters.
158 158  
159 -Among all the attributes, you should securely save:
160 160  
161 -* your client **secret** ("secret" attribute): it is needed by your application to **authenticate to the IAM server** when making backend calls
162 -* your client **registration access token** ("registrationAccessToken"): you will need it to authenticate when **modifying your client in the future**
85 +== Updating parent frame fragment (hash) ==
163 163  
164 -=== Modifying your client ===
87 +The app you are developing might be a single page app that need to handle some routing between views. The Community Apps environment gives you the ability to update the parent frame fragment.
165 165  
166 -Update your client with a PUT request:
89 +It uses the [[postMessage javascript API>>https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage]] to communicate from the APP iframe to the wiki (parent) frame.
167 167  
168 -{{code language="bash"}}
169 -# Set your registration token and client id
170 -clb_reg_token=...
171 -
172 -# Update the client
173 -curl -X PUT https://iam.humanbrainproject.eu/auth/realms/hbp/clients-registrations/default/my-awesome-client \
174 - -H "Authorization: Bearer ${clb_reg_token}" \
175 - -H 'Content-Type: application/json' \
176 - -d '{
177 - "clientId": "my-awesome-client",
178 - "redirectUris": [
179 - "/relative/redirect/path",
180 - "/these/can/use/wildcards/*",
181 - "/a/new/redirect/uri"
182 - ]
183 - }' |
184 -
185 -# Prettify the JSON response
186 -json_pp;
91 +{{code language="javascript"}}
92 +window.parent.postMessage({
93 + topic: '/clb/community-app/hashchange',
94 + data: "the_fragment_value"
95 +}, 'https://wiki.ebrains.eu');
187 187  {{/code}}
188 188  
189 - Note that your need to provide your client id both in the endpoint URL and within the body of the request.
98 +If a fragment is present in the parent frame URL, at parent page load time, this fragment is transmitted to the App's iframe.
190 190  
191 -{{warning}}
192 -/!\ ** Each time you modify your client, a new registration access token will be generated. You need to track of your token changes to keep access to your client.   **/!\
193 -{{/warning}}
100 +== Creating your OpenID Connect client ==
101 +
102 +See the instructions [[here>>doc:Collabs.collaboratory-community-apps.Community App Developer Guide.1\. Registering an OIDC client.WebHome]].