Changes for page 2. Authenticating with your OIDC client and fetch collab user info
Last modified by messines on 2021/06/08 17:32
Summary
-
Page properties (2 modified, 0 added, 0 removed)
Details
- Page properties
-
- Title
-
... ... @@ -1,1 +1,1 @@ 1 - 2.Authenticating with your OIDC client and fetch collab user info1 +Authenticating with your OIDC client and fetch collab user info - Content
-
... ... @@ -1,8 +6,3 @@ 1 -(% class="wikigeneratedid" %) 2 -== Requirement == 3 - 4 -You should read this documentation to [[understand the concept of Authentication and Authorization>>https://wiki.ebrains.eu/bin/view/Collabs/the-collaboratory/Technical%20documentation/Architecture/Permissions/Authentication%20%26%20Authorisation%20using%20OIDC/]] with OIDC and OAuth2 before to try to implement it. 5 - 6 6 == Abstract == 7 7 8 8 In order to create an OIDC client, see [[1. Registering an OIDC client>>https://wiki.ebrains.eu/bin/view/Collabs/collaboratory-community-apps/Community%20App%20Developer%20Guide/1.%20Registering%20an%20OIDC%20client/]]. After creating the OIDC client, you have a corresponding access token and secret. ... ... @@ -53,7 +53,9 @@ 53 53 * **team **(optional)**: **This scope is like the group scope lets your app identify the permissions of the user, but by identifying what collabs the user has access to and with what roles. 54 54 * **clb.wiki.read **(optional): access to GET Collab API 55 55 * **clb.wiki.write** (optional): access to DELETE/PUT/POST Collab API 56 -* **collab.drive **(optional): access to GET/POST/PUT/DELETE drive API 51 +* **clb.drive:read **(optional): access to GET Drive API 52 +* **clb.drive:write** (optional): access to DELETE/PUT/POST Drive API 53 +* **collab.drive **(optional): former scope, should be use if clb.drive is not enought 57 57 * **offline_access **(optional)**: **provide refresh token 58 58 59 59 {{info}} ... ... @@ -74,7 +74,7 @@ 74 74 === Access Token Request === 75 75 76 76 (% class="wikigeneratedid" id="HRequest-1" %) 77 -Now that your app has the **authorization** **code** for a user, it can fetch the user ID Tokenand AccessToken74 +Now that your app has the **authorization** **code** for a user, it can fetch the user access token 78 78 79 79 ==== Request ==== 80 80 ... ... @@ -112,7 +112,7 @@ 112 112 } 113 113 ))) 114 114 115 -Your app gets a response containing the **access token** ,the **refresh token,** the **id token **and other information.The ID Token should be use by developer on their backend to read user informations such as username, first name, last name etc. The ID Token should be use internally, into your app only, the app which triggered the authentication. The access token will be use to reach APIs, the access token can be see as a card to access an ATM. ID Token is for Authentication, Access token is for Authorization. Refresh token is to re-ask a valid access token after expiration.112 +Your app gets a response containing the **access token** and other information. 116 116 117 117 == Access user info == 118 118