Last modified by messines on 2021/06/08 17:32
From version 20.1
edited by messines
on 2021/04/26 11:49
Change comment: There is no comment for this version
To version 17.5
edited by messines
on 2020/09/15 11:28
Change comment: There is no comment for this version

Summary

Details

Page properties
Title
... ... @@ -1,1 +1,1 @@
1 -2. Authenticating with your OIDC client and fetch collab user info
1 +Authenticating with your OIDC client and fetch collab user info
Content
... ... @@ -42,14 +42,15 @@
42 42  The **scope** parameter can include a combination of several values. Each user will be asked to consent to sharing that scope with your app upon first access.
43 43  
44 44  * **openid: **This scope is required because we use the OIDC protocol. It will give your app access to the user's basic information such as username, email and full name.
45 -* **profile** (optional): More information on user if provided by the user
46 -* **email **(optional): The verified email of the user, should be add in addition of openid and/or profile to get the email.
45 +* **profile** : More information on user if provided by the user
46 +* **email **: The verified email of the user, should be add in addition of openid and/or profile to get the email.
47 47  * **group **(optional)**: **If you request this scope, the future access token generated will authorize your app to identify which units and groups the user belongs to.
48 48  * **team **(optional)**: **This scope is like the group scope lets your app identify the permissions of the user, but by identifying what collabs the user has access to and with what roles.
49 49  * **clb.wiki.read **(optional): access to GET Collab API
50 50  * **clb.wiki.write** (optional): access to DELETE/PUT/POST Collab API
51 -* **collab.drive **(optional): access to GET/POST/PUT/DELETE drive API
52 -* **offline_access **(optional)**: **provide refresh token
51 +* **clb.drive:read **(optional): access to GET Drive API
52 +* **clb.drive:write** (optional): access to DELETE/PUT/POST Drive API
53 +* **offline_access : **provide refresh token
53 53  
54 54  {{info}}
55 55  The group and team scopes are a simple way for your app to grant permissions to its services and resources when you want to grant access to a very few units, groups, or collab teams. For more complex permission management, contact support.
... ... @@ -69,7 +69,7 @@
69 69  === Access Token Request ===
70 70  
71 71  (% class="wikigeneratedid" id="HRequest-1" %)
72 -Now that your app has the **authorization** **code** for a user, it can fetch the user ID Token and Access Token
73 +Now that your app has the **authorization** **code** for a user, it can fetch the user access token
73 73  
74 74  ==== Request ====
75 75  
... ... @@ -107,7 +107,7 @@
107 107  }
108 108  )))
109 109  
110 -Your app gets a response containing the **access token**, the **refresh token,** the **id token **and other information. The ID Token should be use by developer on their backend to read user informations such as username, first name, last name etc. The ID Token should be use internally, into your app only, the app which triggered the authentication. The access token will be use to reach APIs, the access token can be see as a card to access an ATM. ID Token is for Authentication, Access token is for Authorization. Refresh token is to re-ask a valid access token after expiration.
111 +Your app gets a response containing the **access token** and other information.
111 111  
112 112  == Access user info ==
113 113