Last modified by messines on 2021/06/08 17:32
From version 17.5
edited by messines
on 2020/09/15 11:28
Change comment: There is no comment for this version
To version 15.1
edited by messines
on 2020/07/16 14:58
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -42,15 +42,8 @@
42 42  The **scope** parameter can include a combination of several values. Each user will be asked to consent to sharing that scope with your app upon first access.
43 43  
44 44  * **openid: **This scope is required because we use the OIDC protocol. It will give your app access to the user's basic information such as username, email and full name.
45 -* **profile** : More information on user if provided by the user
46 -* **email **: The verified email of the user, should be add in addition of openid and/or profile to get the email.
47 47  * **group **(optional)**: **If you request this scope, the future access token generated will authorize your app to identify which units and groups the user belongs to.
48 48  * **team **(optional)**: **This scope is like the group scope lets your app identify the permissions of the user, but by identifying what collabs the user has access to and with what roles.
49 -* **clb.wiki.read **(optional): access to GET Collab API
50 -* **clb.wiki.write** (optional): access to DELETE/PUT/POST Collab API
51 -* **clb.drive:read **(optional): access to GET Drive API
52 -* **clb.drive:write** (optional): access to DELETE/PUT/POST Drive API
53 -* **offline_access : **provide refresh token
54 54  
55 55  {{info}}
56 56  The group and team scopes are a simple way for your app to grant permissions to its services and resources when you want to grant access to a very few units, groups, or collab teams. For more complex permission management, contact support.
... ... @@ -74,7 +74,7 @@
74 74  
75 75  ==== Request ====
76 76  
77 -/POST: [[https:~~/~~/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token>>https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token]]
70 +/POST: [[https:/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token>>url:https:/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token]]
78 78  
79 79  with the following parameters:
80 80  
... ... @@ -116,7 +116,7 @@
116 116  
117 117  ==== Request ====
118 118  
119 -/GET: [[https:~~/~~/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/userinfo>>https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/userinfo]]
112 +/GET: [[https:/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/userinfo>>url:https:/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/userinfo]]
120 120  
121 121  with the following parameters:
122 122  
... ... @@ -128,7 +128,7 @@
128 128  
129 129  ==== Response ====
130 130  
131 -As response your app receives a JSON with all the information about the logged user
124 +As response your app receives a JSON with all the information on the logged user
132 132  
133 133  (% class="box" %)
134 134  (((
... ... @@ -151,7 +151,7 @@
151 151   ],
152 152   "group": [
153 153   "**group**-collaboratory-developers",
154 - "**unit**-all-projects-hbp-consortium-sga2-sp05-**administrator**"
147 + "**unit**-all-projects-hbp-consortium-sga2-sp05-administrator"
155 155   ]
156 156   },
157 157   "mitreid-sub": "30...62"
... ... @@ -158,10 +158,12 @@
158 158  }
159 159  )))
160 160  
161 -The unit field above lists Collaboratory Units which the user is a member of, with the unit name using slashes instead of the colons you see in the Collaboratory UI.
154 +The group field above lists Collaboratory Groups in the form "group-//groupname//" and Collaboratory Units in the form "unit-//unitname//" with the unitname using dashes instead of the colons you see in the Collaboratory UI.
162 162  
163 -jupyterhub and xwiki are OIDC clients with more advanced permission management.
156 +The team field above lists Collaboratory Teams in the form "collab-//collabname//-//role//" where //role //is one of admin, editor, or viewer according to the user's role in collab //collabname//.
164 164  
165 -The team field above lists Collaboratory Teams which the user is a member of, in the form "collab-//collabname//-//role//" where //role //is one of admin, editor, or viewer according to the user's role in collab //collabname//.
158 +jupyterhub and xwiki are OIDC clients.
166 166  
167 -The group field above lists Collaboratory Groups which the user is a member of, in the form "group-//groupname//". It also lists Collaboratory Units which the user is an admin of, in the form "unit-//unitname//-administrator" with //unitname //using dashes instead of the colons you see in the Collaboratory UI.
160 +The unit field above lists is the list of unit the user is member of. The `unit-` prefix bellow the group field are the administration right for this user for the given unit, administration of unit is a separate concept than the unit themself.
161 +
162 +