This repository has been archived by the owner on Apr 27, 2021. It is now read-only.

Registration

Linda Chan edited this page Feb 16, 2018 · 2 revisions

The first step to integrate with fabric is to register your application or API. This document outlines how to register with fabric.identity and provides sample registration bodies. If you are using fabric.authorization, you must also register your client with fabric.authorization separately, using the same name that you registered with fabric.identity.

Client or API Resources

First, determine whether you are registering a client, an API resource, or both.

Clients are applications that need to leverage Fabric.Identity's authentication as a service as well as interact with APIs and Identity resources protected by Fabric.Identity.

API resources are backend APIs that need to protect their resources through scopes.

Client Registration

If you are registering a client, you must first determine the grant type, which defines how the client interacts with fabric.identity. You should also identify the scopes your client needs in order to access API resources (AllowedScopes).

Grant Types

  • Implicit: The implicit flow is used for mobile apps and client-side web applications that cannot protect a secret. This flow does not authenticate the identity of the application; instead it relies on the redirect URI that was registered with the service to serve this purpose. The implicit grant type does not support refresh tokens.

    Sample registration:

    POST /api/v1/client/

    {
        "enabled": true,
        "clientId": "YourClientID",
        "clientName": "Your Client Name",
        "allowedGrantTypes": [
            "implicit"
        ],
        "redirectUris": [
            "https://yourDomain/redirectUri"
        ],
        "allowedScopes": [
            "openid",
            "profile",
            "fabric.profile",
            "fabric/authorization.read",
            "fabric/authorization.write",
            "fabric/authorization.manageclients",
            "fabric/identity.manageresources",
            "fabric/identity.read"
        ],
        "allowAccessTokensViaBrowser": true,
        "postLogoutRedirectUris": [
            "https://yourDomain/redirectUri"
        ],
        "logoutUri": null,
        "logoutSessionRequired": true,
        "allowedCorsOrigins": [
            "https://yourDomain/"
        ],
        "requireConsent": false
    }
    
  • Hybrid: The hybrid grant type allows a client to use both the implicit and the authorization code flow. The authorization code flow is typically used in server-side applications, where it is possible to securely store a client secret and exchange an authorization code for an access token.

    Sample registration:

    POST /api/v1/client/

    {
        "enabled": true,
        "clientId": "YourClientID",
        "clientName": "Your Client Name",
        "requireClientSecret": true,
        "allowedGrantTypes": [
            "hybrid"
        ],
        "redirectUris": [
            "https://yourDomain/redirectUri"
        ],
        "allowedScopes": [
            "openid",
            "profile",
            "fabric/profile",
            "fabric/identity.manageresources",
            "fabric/identity.read",
            "fabric/authorization.read",
            "fabric/authorization.write",
            "fabric/authorization.manageclients"
        ],
        "postLogoutRedirectUris": [
            "https://yourDomain/redirectUri"
        ],
        "updateAccessTokenClaimsOnRefresh": false,
        "requireConsent": false
    }
    
  • Client Credentials: This flow is typically used in machine-to-machine communication where no user is involved.

    Sample registration:

    POST /api/v1/client/

    {
        "clientId": "YourClientID",
        "clientName": "Your Client Name",
        "allowedScopes": [
            "fabric/identity.manageresources",
            "fabric/authorization.read",
            "fabric/authorization.write",
            "fabric/authorization.manageclients"
        ],
        "allowedGrantTypes": [
            "client_credentials"
        ],
        "requireConsent": false
    }
    
  • Delegate: Similar to client credentials, this flow is used in machine-to-machine communication where no user is involved. The delegate flow gives a backend service the ability to request a new token with new scopes on behalf of a user who logged into another client.

    Sample registration:

    POST /api/v1/client/

    {
        "clientId": "YourClientID",
        "clientName": "Your Client Name",
        "allowedScopes": [
            "fabric/identity.manageresources",
            "fabric/authorization.read",
            "fabric/authorization.write",
            "fabric/authorization.manageclients"
        ],
        "allowedGrantTypes": [
            "delegate"
        ],
        "requireConsent": false
    }

APIResource Registration

Sample registration:

POST /api/v1/apiresource/

{
    "name": "YourAPIResourceName",
    "displayName": "Your API Resource display name",
    "description": null,
    "scopes": [
        {
            "name": "fabric/identity.manageresources",
            "displayName": null,
            "description": null,
            "required": false,
            "emphasize": false,
            "showInDiscoveryDocument": true,
            "userClaims": []
        }
    ],
    "enabled": true,
    "userClaims": [
        "name",
        "email",
        "role",
        "groups"
    ]
}
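The client samples above list allowedScopes, and the API resource sample declares the scopes that protect its endpoints; the two have to agree, and the grant-type notes (implicit clients cannot hold a secret and get no refresh tokens, hybrid and machine-to-machine clients are expected to) translate into a few checks worth running before a body is POSTed. The script below is an added example and is not part of Fabric.Identity or its tooling. It assumes the registration endpoints accept a bearer token, treats openid, profile and offline_access as identity scopes (the standard OpenID Connect scopes, offline_access being the one that requests a refresh token), and uses constructed sample bodies; the rule set, the function names and the hosts are this example's own.

```python
"""Pre-flight checks for Fabric.Identity registration bodies.

Added example for this wiki page, not part of Fabric.Identity. The rules,
helper names, bearer-token header and sample bodies are assumptions.
"""
import json
import urllib.request
from urllib.parse import urlparse

# Scopes issued by fabric.identity itself rather than by a registered API
# resource (assumption: the standard OpenID Connect identity scopes, plus
# offline_access, the standard scope that requests a refresh token).
IDENTITY_SCOPES = {"openid", "profile", "offline_access"}

# Grant types documented on the page. "secret" says whether the client is
# expected to hold a client secret; implicit clients cannot (page text).
GRANT_RULES = {
    "implicit": {"requires": ["redirectUris"], "secret": False},
    "hybrid": {"requires": ["redirectUris"], "secret": True},
    "client_credentials": {"requires": [], "secret": True},
    "delegate": {"requires": [], "secret": True},
}


def _is_https(url):
    """True for an absolute https:// URL with a host; rejects http and relative."""
    parsed = urlparse(url)
    return parsed.scheme == "https" and bool(parsed.netloc)


def validate_client(client, api_resources):
    """Return a list of findings; an empty list means the body passed every check."""
    findings = []
    grants = client.get("allowedGrantTypes", [])
    scopes = client.get("allowedScopes", [])
    if not grants:
        findings.append("allowedGrantTypes is empty")
    for grant in grants:
        rule = GRANT_RULES.get(grant)
        if rule is None:
            findings.append(f"unknown grant type {grant!r}")
            continue
        for field in rule["requires"]:
            if not client.get(field):
                findings.append(f"{grant} clients must set {field}")
        if rule["secret"] and client.get("requireClientSecret") is False:
            findings.append(f"{grant} clients should keep requireClientSecret enabled")
        if not rule["secret"] and client.get("requireClientSecret"):
            findings.append(f"{grant} clients cannot protect a client secret")
        if grant == "implicit" and "offline_access" in scopes:
            findings.append("implicit clients get no refresh tokens; drop offline_access")
    # Redirect and CORS origins must be https: for the implicit flow the
    # registered redirect URI stands in for client authentication.
    for field in ("redirectUris", "postLogoutRedirectUris", "allowedCorsOrigins"):
        for url in client.get(field, []):
            if not _is_https(url):
                findings.append(f"{field} entry {url!r} is not an https URL")
    # Every requested scope must be an identity scope or declared by an API resource.
    known = set(IDENTITY_SCOPES)
    for resource in api_resources:
        known.update(scope["name"] for scope in resource.get("scopes", []))
    for scope in scopes:
        if scope not in known:
            findings.append(f"allowedScopes entry {scope!r} is not defined by any API resource")
    return findings


def build_request(base_url, path, body, bearer_token):
    """Build, without sending, the POST shown on the page (path '/api/v1/client/'
    or '/api/v1/apiresource/'). Assumption: the endpoint accepts a bearer token."""
    return urllib.request.Request(
        base_url.rstrip("/") + path,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {bearer_token}"},
    )


# Constructed sample bodies (not taken from any real deployment).
SAMPLE_API_RESOURCES = [{
    "name": "authorization-sample", "displayName": "Constructed authorization API",
    "enabled": True, "userClaims": ["name", "role"],
    "scopes": [{"name": "fabric/authorization.read", "showInDiscoveryDocument": True},
               {"name": "fabric/authorization.write", "showInDiscoveryDocument": True}],
}]

GOOD_CLIENT = {
    "enabled": True, "clientId": "spa-sample", "clientName": "Constructed browser client",
    "allowedGrantTypes": ["implicit"],
    "redirectUris": ["https://spa.example/callback"],
    "postLogoutRedirectUris": ["https://spa.example/"],
    "allowedCorsOrigins": ["https://spa.example"],
    "allowedScopes": ["openid", "profile", "fabric/authorization.read"],
    "allowAccessTokensViaBrowser": True, "requireConsent": False,
}

BAD_CLIENT = {  # four problems: secret on implicit, offline_access, http, unknown scope
    "clientId": "spa-broken", "clientName": "Constructed client with problems",
    "requireClientSecret": True, "allowedGrantTypes": ["implicit"],
    "redirectUris": ["http://spa.example/callback"],
    "allowedScopes": ["openid", "offline_access", "fabric/authorization.manageclients"],
}

if __name__ == "__main__":
    for name, body in (("good", GOOD_CLIENT), ("bad", BAD_CLIENT)):
        print(name, validate_client(body, SAMPLE_API_RESOURCES) or "ok")
    print(build_request("https://identity.example", "/api/v1/client/", GOOD_CLIENT, "<token>").full_url)
```

Run it as a script to see the four findings for the broken client; in a deployment pipeline the API resource bodies would be loaded from the same source of truth that is POSTed to /api/v1/apiresource/, so a client can never be registered with a scope nothing serves.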