Attention: Due to an upgrade beginning on Friday, the 22nd August 2025, any new collabs, groups and any changes to teams will not be kept beyond the weekend. User creation will also be disabled during this time. The actual upgrade will take place on Wednesday, 27th August. On that day, any service requiring a Keycloak login will be unavailable for the duration of the upgrade. Thank you for your understanding as we complete this important work.

For the duration of the maintenance period, Collaboration and Group creation features will be temporarily disabled and will return HTTP 503 Service Unavailable errors until further notice.


Version 3.1 by messines on 2020/07/15 18:20
Show last authors
1 == Abstract ==
2
3 You had been creating an OIDC client following our guide [[https:~~/~~/wiki.ebrains.eu/bin/view/Collabs/collaboratory-community-apps/Community%20App%20Developer%20Guide/Registering%20an%20OIDC%20client/>>https://wiki.ebrains.eu/bin/view/Collabs/collaboratory-community-apps/Community%20App%20Developer%20Guide/Registering%20an%20OIDC%20client/]]
4
5 The redirect_uri is set with the url of your application, in this exemple we will use postman, a platform for api developement, use your own application, for exemple when you loggin to this wiki, the redirect uri is [[https:~~/~~/wiki.ebrains.eu/*>>https://wiki.ebrains.eu/*]]
6
7 The client is confidential with a secret, you obtain it throught the registering oidc client tutorial above.
8
9 [[image:Screenshot 2020-07-15 at 17.47.12.png]]
10
11
12 The whole authentication flow presented here is based on the official OAuth2 rfc describe in the section 4.1
13
14 [[https:~~/~~/tools.ietf.org/html/rfc6749#section-4.1>>https://tools.ietf.org/html/rfc6749#section-4.1]]
15
16 == Authentication flow ==
17
18 === Authorization Code Grant ===
19
20 ==== Request ====
21
22 /GET on [[https:~~/~~/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/auth >>https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/auth]]
23
24 with query parameters
25
26 * response_type=code
27 * client_id=community-apps-tutorial
28 * redirect_uri=[[https:~~/~~/www.getpostman.com/oauth2/callback>>https://www.getpostman.com/oauth2/callback]]
29 * login=true
30 * scope=openid+group+team
31
32 so
33
34 [[https:~~/~~/iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/auth?response_type=code&client_id=community-apps-tutorial&redirect_uri=https:~~/~~/www.getpostman.com/oauth2/callback&login=true&scope=openid+group+team>>https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/auth?response_type=code&client_id=community-apps-tutorial&redirect_uri=https://www.getpostman.com/oauth2/callback&login=true&scope=openid+group+team]]
35
36 Of course replace **client_id** and **redirect_uri** with your own configuration
37
38 This will redirect you to the login page of **iam **where your user must enter they username/password
39
40 ==== Scope ====
41
42 In the request you can see a scope **parameter**
43
44 * **openid : **This scope is required in oidc, it contains basic information of the user such as it username, email and full name.
45 * **group **( optional ) **:**
46
47 ==== Response ====
48
49 After the loggin, you got a 301 redirection and 200 success http response with a **code** inside
50
51 [[https:~~/~~/www.getpostman.com/oauth2/callback?session_state=a0ff8a68-2654-43ef-977a-6c15ce343546&code=f3f04f93-hbp-482d-ac3d-demo.turtorial.7122c1d9-3f7e-4d80-9c4f-dcd244bc2ec7>>https://www.getpostman.com/oauth2/callback?session_state=a0ff8a68-2654-43ef-977a-6c15ce598886&code=f3f04f93-b98d-482d-ac3d-414cead54de0.a0ff8a68-2654-43ef-977a-6c15ce598886.7122c1d9-3f7e-4d80-9c4f-dcd244bc2ec7]]
52
53 (% class="box infomessage" %)
54 (((
55 the code is very important for the next step here the code is //f3f04f93-hbp-482d-ac3d-demo.turtorial.7122c1d9-3f7e-4d80-9c4f-dcd244bc2ec7//
56 )))
57
58
59