Failed to execute template. Cause: [Access denied when checking [script] access to [xwiki:Collaboratory.UX.HbpSkin.WebHome] for user [xwiki:XWiki.Admin]]. Click on this message for details.

Community App Developer Guide - HBP Wiki

IAM21 instance, do not create collab nor modify a team, your changes will be lost


Last modified by allan on 2019/11/12 13:32
From version 6.1
edited by allan
on 2019/11/12 12:32
Change comment: There is no comment for this version
To version 1.1
edited by allan
on 2019/10/30 12:52
Change comment: There is no comment for this version

Summary

Details

Page properties
Title
... ... @@ -1,1 +1,1 @@
1 -Community App Developer Guide
1 +test
Content
... ... @@ -1,193 +1,3 @@
1 -Developers can extend the Collaboratory capabilities by providing applications to its community of users.
1 += Hello =
2 2  
3 -This guide describes the steps to make this possible.
4 -
5 -== Becoming a contributor ==
6 -
7 -The first step is for you to **become a contributor**. Contributors can register and manage applications within the Community Apps Catalogue.
8 -
9 -Send an email to [[support@humanbrainproject.eu>>mailto:support@humanbrainproject.eu]] with a short summary of your intentions.
10 -
11 -The support team will apply the permissions to your user: your account will be upgraded with developers privileges the next time you will login.
12 -
13 -(% class="box infomessage" %)
14 -(((
15 -Only SGA2 accredited users will be automatically granted the contributor level.
16 -)))
17 -
18 -== Registering an application in the Catalogue ==
19 -
20 -Collab authors find applications to add to their collabs in the Community Apps Catalogue.
21 -
22 -{{error}}
23 -TODO: describe the steps to register an app in the Catalogue
24 -{{/error}}
25 -
26 -== Creating your OpenID Connect client ==
27 -
28 -The steps to create an OpenID Connect client are the following:
29 -
30 -1. get an access token from the `developer` client
31 -1. use the token to call the create endpoint
32 -1. save your registration access token for further modifications of your client
33 -
34 -=== Fetching your developer access token ===
35 -
36 -Getting your developer token is done in one simple step: authenticate against the developer client with the password grant.
37 -
38 -This can be achieved with this sample shell script:
39 -
40 -{{code language="bash"}}
41 -# Gather username and password from user
42 -echo '\nEnter your username' && read clb_dev_username &&
43 -echo '\nEnter your password' && read -s clb_dev_pwd &&
44 -
45 -# Fetch the token
46 -curl -X POST https://iam.humanbrainproject.eu/auth/realms/hbp/protocol/openid-connect/token \
47 - -u developer: \
48 - -d 'grant_type=password' \
49 - -d "username=${clb_dev_username}" \
50 - -d "password=${clb_dev_pwd}" |
51 -
52 -# Prettify the JSON response
53 -json_pp;
54 -
55 -# Erase the credentials from local variables
56 -clb_dev_pwd='';clb_dev_username=''
57 -{{/code}}
58 -
59 -The response will be similar to:
60 -
61 -{{code language="json"}}
62 -{
63 - "access_token": "eyJhbGci...",
64 - "expires_in": 108000,
65 - "refresh_expires_in": 14400,
66 - "refresh_token": "eyJhbGci...",
67 - "token_type": "bearer",
68 - "not-before-policy": 1563261088,
69 - "session_state": "0ac3dfcd-aa5e-42eb-b333-2f73496b81f8",
70 - "scope": ""
71 -}
72 -{{/code}}
73 -
74 -Copy the "access_token" value, you will need if for the next step.
75 -
76 -=== Creating the client ===
77 -
78 -You can now create clients by sending a JSON representation to a specific endpoint:
79 -
80 -{{code language="bash"}}
81 -# Set your developer token
82 -clb_dev_token=...
83 -
84 -# Send the creation request
85 -curl -X POST https://iam.humanbrainproject.eu/auth/realms/hbp/clients-registrations/default/ \
86 - -H "Authorization: Bearer ${clb_dev_token}" \
87 - -H 'Content-Type: application/json' \
88 - -d '{
89 - "clientId": "my-awesome-client",
90 - "name": "My Awesome App",
91 - "description": "This describes what my app is for end users",
92 - "rootUrl": "https://root.url.of.my.app",
93 - "baseUrl": "/relative/path/to/its/frontpage.html",
94 - "redirectUris": [
95 - "/relative/redirect/path",
96 - "/these/can/use/wildcards/*"
97 - ],
98 - "webOrigins": ["+"],
99 - "bearerOnly": false,
100 - "consentRequired": true,
101 - "standardFlowEnabled": true,
102 - "implicitFlowEnabled": true,
103 - "directAccessGrantsEnabled": false,
104 - "attributes": {
105 - "contacts": "first.contact@example.com; second.contact@example.com"
106 - }
107 - }' |
108 -
109 -# Prettify the JSON response
110 -json_pp;
111 -{{/code}}
112 -
113 -In case of success, the endpoint will return its representation of your client:
114 -
115 -{{code language="json"}}
116 -{
117 - "defaultClientScopes" : [
118 - "web-origins",
119 - "roles"
120 - ],
121 - "redirectUris" : [
122 - "/relative/redirect/path",
123 - "/these/can/use/wildcards/*"
124 - ],
125 - "nodeReRegistrationTimeout" : -1,
126 - "rootUrl" : "https://root.url.of.my.app",
127 - "webOrigins" : [
128 - "+"
129 - ],
130 - "authenticationFlowBindingOverrides" : {},
131 - "baseUrl" : "/relative/path/to/its/frontpage.html",
132 - "description" : "This describes what my app is for end users",
133 - "notBefore" : 0,
134 - "frontchannelLogout" : false,
135 - "enabled" : true,
136 - "registrationAccessToken" : "eyJhbGciOi...",
137 - "consentRequired" : true,
138 - "fullScopeAllowed" : false,
139 - "clientAuthenticatorType" : "client-secret",
140 - "surrogateAuthRequired" : false,
141 - "directAccessGrantsEnabled" : false,
142 - "standardFlowEnabled" : true,
143 - "id" : "551b49a0-ec69-41af-9461-6c10fbc79a35",
144 - "attributes" : {
145 - "contacts" : "first.contact@example.com; second.contact@example.com"
146 - },
147 - "name" : "My Awesome App",
148 - "secret" : "your-client-secret",
149 - "publicClient" : false,
150 - "clientId" : "my-awesome-client",
151 - "optionalClientScopes" : [],
152 - "implicitFlowEnabled" : true,
153 - "protocol" : "openid-connect",
154 - "bearerOnly" : false,
155 - "serviceAccountsEnabled" : false
156 -}
157 -{{/code}}
158 -
159 -Among all the attributes, you should securely save:
160 -
161 -* your client **secret** ("secret" attribute): it is needed by your application to **authenticate to the IAM server** when making backend calls
162 -* your client **registration access token** ("registrationAccessToken"): you will need it to authenticate when **modifying your client in the future**
163 -
164 -=== Modifying your client ===
165 -
166 -Update your client with a PUT request:
167 -
168 -{{code language="bash"}}
169 -# Set your registration token and client id
170 -clb_reg_token=...
171 -
172 -# Update the client
173 -curl -X PUT https://iam.humanbrainproject.eu/auth/realms/hbp/clients-registrations/default/my-awesome-client \
174 - -H "Authorization: Bearer ${clb_reg_token}" \
175 - -H 'Content-Type: application/json' \
176 - -d '{
177 - "clientId": "my-awesome-client",
178 - "redirectUris": [
179 - "/relative/redirect/path",
180 - "/these/can/use/wildcards/*",
181 - "/a/new/redirect/uri"
182 - ]
183 - }' |
184 -
185 -# Prettify the JSON response
186 -json_pp;
187 -{{/code}}
188 -
189 - Note that your need to provide your client id both in the endpoint URL and within the body of the request.
190 -
191 -{{warning}}
192 -/!\ ** Each time you modify your client, a new registration access token will be generated. You need to track of your token changes to keep access to your client.   **/!\
193 -{{/warning}}
3 +== World ==
XWiki.DocumentSheetBinding[0]
Public

allan collab