Last modified by messines on 2021/06/08 17:32
From version 17.4
edited by messines
on 2020/09/15 11:26
Change comment: There is no comment for this version
To version 15.1
edited by messines
on 2020/07/16 14:58
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -44,11 +44,6 @@
44 44  * **openid: **This scope is required because we use the OIDC protocol. It will give your app access to the user's basic information such as username, email and full name.
45 45  * **group **(optional)**: **If you request this scope, the future access token generated will authorize your app to identify which units and groups the user belongs to.
46 46  * **team **(optional)**: **This scope is like the group scope lets your app identify the permissions of the user, but by identifying what collabs the user has access to and with what roles.
47 -* **clb.wiki.read **(optional): access to GET Collab API
48 -* **clb.wiki.write** (optional): access to DELETE/PUT/POST Collab API
49 -* **clb.drive:read **(optional): access to GET Drive API
50 -* **clb.drive:write** (optional): access to DELETE/PUT/POST Drive API
51 -* **offline_access : **provide refresh token
52 52  
53 53  {{info}}
54 54  The group and team scopes are a simple way for your app to grant permissions to its services and resources when you want to grant access to a very few units, groups, or collab teams. For more complex permission management, contact support.
... ... @@ -72,7 +72,7 @@
72 72  
73 73  ==== Request ====
74 74  
75 -/POST: [[https:~~/~~/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token>>https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token]]
70 +/POST: [[https:/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token>>url:https:/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token]]
76 76  
77 77  with the following parameters:
78 78  
... ... @@ -114,7 +114,7 @@
114 114  
115 115  ==== Request ====
116 116  
117 -/GET: [[https:~~/~~/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/userinfo>>https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/userinfo]]
112 +/GET: [[https:/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/userinfo>>url:https:/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/userinfo]]
118 118  
119 119  with the following parameters:
120 120  
... ... @@ -126,7 +126,7 @@
126 126  
127 127  ==== Response ====
128 128  
129 -As response your app receives a JSON with all the information about the logged user
124 +As response your app receives a JSON with all the information on the logged user
130 130  
131 131  (% class="box" %)
132 132  (((
... ... @@ -149,7 +149,7 @@
149 149   ],
150 150   "group": [
151 151   "**group**-collaboratory-developers",
152 - "**unit**-all-projects-hbp-consortium-sga2-sp05-**administrator**"
147 + "**unit**-all-projects-hbp-consortium-sga2-sp05-administrator"
153 153   ]
154 154   },
155 155   "mitreid-sub": "30...62"
... ... @@ -156,10 +156,12 @@
156 156  }
157 157  )))
158 158  
159 -The unit field above lists Collaboratory Units which the user is a member of, with the unit name using slashes instead of the colons you see in the Collaboratory UI.
154 +The group field above lists Collaboratory Groups in the form "group-//groupname//" and Collaboratory Units in the form "unit-//unitname//" with the unitname using dashes instead of the colons you see in the Collaboratory UI.
160 160  
161 -jupyterhub and xwiki are OIDC clients with more advanced permission management.
156 +The team field above lists Collaboratory Teams in the form "collab-//collabname//-//role//" where //role //is one of admin, editor, or viewer according to the user's role in collab //collabname//.
162 162  
163 -The team field above lists Collaboratory Teams which the user is a member of, in the form "collab-//collabname//-//role//" where //role //is one of admin, editor, or viewer according to the user's role in collab //collabname//.
158 +jupyterhub and xwiki are OIDC clients.
164 164  
165 -The group field above lists Collaboratory Groups which the user is a member of, in the form "group-//groupname//". It also lists Collaboratory Units which the user is an admin of, in the form "unit-//unitname//-administrator" with //unitname //using dashes instead of the colons you see in the Collaboratory UI.
160 +The unit field above lists is the list of unit the user is member of. The `unit-` prefix bellow the group field are the administration right for this user for the given unit, administration of unit is a separate concept than the unit themself.
161 +
162 +