Changes for page 2. Authenticating with your OIDC client and fetch collab user info
Last modified by messines on 2021/06/08 17:32
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -44,6 +44,8 @@ 44 44 * **openid: **This scope is required because we use the OIDC protocol. It will give your app access to the user's basic information such as username, email and full name. 45 45 * **group **(optional)**: **If you request this scope, the future access token generated will authorize your app to identify which units and groups the user belongs to. 46 46 * **team **(optional)**: **This scope is like the group scope lets your app identify the permissions of the user, but by identifying what collabs the user has access to and with what roles. 47 +* **clb.wiki.read **(optional): access to GET Collab API 48 +* **clb.wiki.write** (optional): access to POST Collab API 47 47 48 48 {{info}} 49 49 The group and team scopes are a simple way for your app to grant permissions to its services and resources when you want to grant access to a very few units, groups, or collab teams. For more complex permission management, contact support. ... ... @@ -67,7 +67,7 @@ 67 67 68 68 ==== Request ==== 69 69 70 -/POST: [[https:/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token>> url:https:/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token]]72 +/POST: [[https:~~/~~/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token>>https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token]] 71 71 72 72 with the following parameters: 73 73 ... ... @@ -109,7 +109,7 @@ 109 109 110 110 ==== Request ==== 111 111 112 -/GET: [[https:/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/userinfo>> url:https:/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/userinfo]]114 +/GET: [[https:~~/~~/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/userinfo>>https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/userinfo]] 113 113 114 114 with the following parameters: 115 115 ... ... @@ -121,7 +121,7 @@ 121 121 122 122 ==== Response ==== 123 123 124 -As response your app receives a JSON with all the information o nthe logged user126 +As response your app receives a JSON with all the information about the logged user 125 125 126 126 (% class="box" %) 127 127 ((( ... ... @@ -144,7 +144,7 @@ 144 144 ], 145 145 "group": [ 146 146 "**group**-collaboratory-developers", 147 - "**unit**-all-projects-hbp-consortium-sga2-sp05-administrator" 149 + "**unit**-all-projects-hbp-consortium-sga2-sp05-**administrator**" 148 148 ] 149 149 }, 150 150 "mitreid-sub": "30...62" ... ... @@ -151,12 +151,10 @@ 151 151 } 152 152 ))) 153 153 154 -The groupfield above lists CollaboratoryGroups intheform "group-//groupname//" and CollaboratoryUnitsintheform"unit-//unitname//"with the unitname usingdashes instead of the colons you see in the Collaboratory UI.156 +The unit field above lists Collaboratory Units which the user is a member of, with the unit name using slashes instead of the colons you see in the Collaboratory UI. 155 155 156 - Theteamfieldabove listsCollaboratory Teamsintheform"collab-//collabname//-//role//"where //role //is one ofadmin,editor,or vieweraccording to the user'sroleincollab //collabname//.158 +jupyterhub and xwiki are OIDC clients with more advanced permission management. 157 157 158 - jupyterhub andxwiki areOIDCclients.160 +The team field above lists Collaboratory Teams which the user is a member of, in the form "collab-//collabname//-//role//" where //role //is one of admin, editor, or viewer according to the user's role in collab //collabname//. 159 159 160 -The unit field above lists [useless noise?]. 161 - 162 - 162 +The group field above lists Collaboratory Groups which the user is a member of, in the form "group-//groupname//". It also lists Collaboratory Units which the user is an admin of, in the form "unit-//unitname//-administrator" with //unitname //using dashes instead of the colons you see in the Collaboratory UI.