Last modified by messines on 2021/06/08 17:32
From version 17.6
edited by messines
on 2020/09/15 11:31
Change comment: There is no comment for this version
To version 14.1
edited by messines
on 2020/07/16 10:17
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -42,16 +42,8 @@
42 42  The **scope** parameter can include a combination of several values. Each user will be asked to consent to sharing that scope with your app upon first access.
43 43  
44 44  * **openid: **This scope is required because we use the OIDC protocol. It will give your app access to the user's basic information such as username, email and full name.
45 -* **profile** (optional): More information on user if provided by the user
46 -* **email **(optional): The verified email of the user, should be add in addition of openid and/or profile to get the email.
47 47  * **group **(optional)**: **If you request this scope, the future access token generated will authorize your app to identify which units and groups the user belongs to.
48 48  * **team **(optional)**: **This scope is like the group scope lets your app identify the permissions of the user, but by identifying what collabs the user has access to and with what roles.
49 -* **clb.wiki.read **(optional): access to GET Collab API
50 -* **clb.wiki.write** (optional): access to DELETE/PUT/POST Collab API
51 -* **clb.drive:read **(optional): access to GET Drive API
52 -* **clb.drive:write** (optional): access to DELETE/PUT/POST Drive API
53 -* **collab.drive **(optional): former scope, should be use if clb.drive is not enought
54 -* **offline_access **(optional)**: **provide refresh token
55 55  
56 56  {{info}}
57 57  The group and team scopes are a simple way for your app to grant permissions to its services and resources when you want to grant access to a very few units, groups, or collab teams. For more complex permission management, contact support.
... ... @@ -75,7 +75,7 @@
75 75  
76 76  ==== Request ====
77 77  
78 -/POST: [[https:~~/~~/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token>>https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token]]
70 +/POST: [[https:/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token>>url:https:/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/token]]
79 79  
80 80  with the following parameters:
81 81  
... ... @@ -117,7 +117,7 @@
117 117  
118 118  ==== Request ====
119 119  
120 -/GET: [[https:~~/~~/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/userinfo>>https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/userinfo]]
112 +/GET: [[https:/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/userinfo>>url:https:/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/userinfo]]
121 121  
122 122  with the following parameters:
123 123  
... ... @@ -129,7 +129,7 @@
129 129  
130 130  ==== Response ====
131 131  
132 -As response your app receives a JSON with all the information about the logged user
124 +As response your app receives a JSON with all the information on the logged user
133 133  
134 134  (% class="box" %)
135 135  (((
... ... @@ -152,7 +152,7 @@
152 152   ],
153 153   "group": [
154 154   "**group**-collaboratory-developers",
155 - "**unit**-all-projects-hbp-consortium-sga2-sp05-**administrator**"
147 + "**unit**-all-projects-hbp-consortium-sga2-sp05-administrator"
156 156   ]
157 157   },
158 158   "mitreid-sub": "30...62"
... ... @@ -159,10 +159,12 @@
159 159  }
160 160  )))
161 161  
162 -The unit field above lists Collaboratory Units which the user is a member of, with the unit name using slashes instead of the colons you see in the Collaboratory UI.
154 +The group field above lists Collaboratory Groups in the form "group-//groupname//" and Collaboratory Units in the form "unit-//unitname//" with the unitname using dashes instead of the colons you see in the Collaboratory UI.
163 163  
164 -jupyterhub and xwiki are OIDC clients with more advanced permission management.
156 +The team field above lists Collaboratory Teams in the form "collab-//collabname//-//role//" where //role //is one of admin, editor, or viewer according to the user's role in collab //collabname//.
165 165  
166 -The team field above lists Collaboratory Teams which the user is a member of, in the form "collab-//collabname//-//role//" where //role //is one of admin, editor, or viewer according to the user's role in collab //collabname//.
158 +jupyterhub and xwiki are OIDC clients.
167 167  
168 -The group field above lists Collaboratory Groups which the user is a member of, in the form "group-//groupname//". It also lists Collaboratory Units which the user is an admin of, in the form "unit-//unitname//-administrator" with //unitname //using dashes instead of the colons you see in the Collaboratory UI.
160 +The unit field above lists [useless noise?].
161 +
162 +