Authenticating with your OIDC client and fetching collab user info

Version 3.1 by messines on 2020/07/15 18:20

Abstract

You have created an OIDC client by following our guide: https://wiki.ebrains.eu/bin/view/Collabs/collaboratory-community-apps/Community%20App%20Developer%20Guide/Registering%20an%20OIDC%20client/

The redirect_uri is set to the URL of your application. In this example we will use Postman, a platform for API development; use your own application instead. For example, when you log in to this wiki, the redirect URI is https://wiki.ebrains.eu/*

The client is confidential and has a secret, which you obtain through the OIDC client registration tutorial above.


The whole authentication flow presented here is based on the official OAuth2 RFC, as described in section 4.1:

https://tools.ietf.org/html/rfc6749#section-4.1

Authentication flow

Authorization Code Grant

Request

GET on https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/auth

with query parameters

so

https://iam.ebrains.eu/auth/realms/hbp/protocol/openid-connect/auth?response_type=code&client_id=community-apps-tutorial&redirect_uri=https://www.getpostman.com/oauth2/callback&login=true&scope=openid+group+team

Of course, replace client_id and redirect_uri with your own configuration.

This will redirect you to the IAM login page, where your user must enter their username and password.

Scope

In the request you can see a scope parameter:

  • openid: This scope is required in OIDC; it contains basic information about the user, such as their username, email and full name.
  • group (optional):

Response

After logging in, you get a 301 redirection and a 200 success HTTP response with a code inside:

https://www.getpostman.com/oauth2/callback?session_state=a0ff8a68-2654-43ef-977a-6c15ce343546&code=f3f04f93-hbp-482d-ac3d-demo.turtorial.7122c1d9-3f7e-4d80-9c4f-dcd244bc2ec7

The code is very important for the next step. Here the code is f3f04f93-hbp-482d-ac3d-demo.turtorial.7122c1d9-3f7e-4d80-9c4f-dcd244bc2ec7