Client Applications


Once you’ve created an authorization server, you’ll need to add a client application. Each application that will use the authorization server will need to be registered. As of now, only adminstrative users can perform this function, so you’ll need to visit the administrative portal.

Registering an Application


To register a client application, you first need to access the administrative portal. First navigate to the main provider page, and click on Admin Portal. This should redirect you to the administrative portal for your provider.

After logging in, click on “applications” to view the list of registered client applications. If this is a new provider, you’ll see two registered applications: the administrative portal (which you’re using) and the user portal (where users can update their profile). Press the “new application” link to register a new application.

Every OAuth application requires some basic information. Most of it is self-explanatory, but there are a few that are specific to the OAuth2 protocol.

  • Application name Name of your application.
docs/../../../_static/img/new_client_application_1.png
  • Application website Homepage of your application
docs/../../../_static/img/new_client_application_2.png
  • Scopes List of scopes the application needs to access.
  • Redirect URI A publicly accessible URL that the authorization server will call back with the authorization code and/or access token (see OAuth documentation).
docs/../../../_static/img/new_client_application_3.png

Managing


After registering, the application will be assigned a unique client ID and client secret. The client ID is public information and identifies your application. The secret, however, should be kept confidential as it used in the authorization process. In the case the client secret is compromised, you should revoke all tokens associated with the application and reset the client secret.