Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- 10_public:3rd_party_app_development [2017/11/07 09:40]
raffael.sahli
+++ 10_public:3rd_party_app_development [2019/05/10 07:47] (aktuell)
raffael.sahli [OpenID Connect]
@@ Zeile 1: / Zeile 1: @@
 ===== Register your app =====
-First thing you're required to do is regsiter your app.
+First thing you're required to do is register your app.
-<WRAP center round info 100%> There is no interface yet for self register your app. </WRAP>
+Please write a mail to [[support@gyselroth.com|]] with the following information:
-Please write a mail to [[support@gselroth.com|support@gselroth.com]] with the following information:
   - App name
   - App description
-  - App logo (OPTIONAL)
+  - HTTPS-URL to App logo (OPTIONAL)
-  - Protocol (Shibboleth or OpenID Connect) (Usually you want OpenID Connect here)
+  - Protocol (OpenID Connect or Shibboleth) (Usually you want OpenID Connect here).
 ==== Shibboleth ====
-If you have choosen Shibboleth for nr. 4, wee need the following additional information:
+If you have choosen Shibboleth for nr. 4, we need the following additional information:
   - URL to your SP (service provider) Metadata
 ==== OpenID Connect ====
-If you have choosen OpenID Connect for nr. 4, wee need the following additional information:
+If you have choosen OpenID Connect for nr. 4, we need the following additional information:
   - Client authentication method (Usually you want "client_secret_post" here) (See [[http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication|OpenID-Connect Specification part 9]])
   - App type (Android app, JavaScript app, desktop app, webserver app, …)
   - redirect_uri
 ===== Resource server =====
@@ Zeile 32: / Zeile 32: @@
 ^Name^API Version^URL^Typ|
 |IN2|v1|[[https://api.tam.ch|https://api.tam.ch]]|JSON/XML REST|
-|CloudFS|v1|[[https://cloudfs.tam.ch/api|https://cloudfs.tam.ch/api]]|JSON/XML REST|
+|balloon|v1 / v2|[[https://balloon.tam.ch/api|https://balloon.tam.ch/api]]|JSON/XML REST|
 ===== Shibboleth =====
@@ Zeile 83: / Zeile 83: @@
 ==== Attributes ====
-Your can receive the follwing user attributes by query the userinfo endpoint (See discovery) [[https://accounts.tam.ch/userinfo|https://accounts.tam.ch/userinfo]] (Depending which scopes you have requested during requesting the token).
+You are able to receive the following user attributes by query the userinfo endpoint (See discovery) [[https://accounts.tam.ch/userinfo|https://accounts.tam.ch/userinfo]] (Depending which scopes you have requested during requesting the token).
 ^**Attribute**   ^**Description**   ^Scope|
@@ Zeile 126: / Zeile 126: @@
 |scope|openid profile email intranet offline_access|Scopes to query, you should always request openid and profile. **Note**: If you want to query an intranet2 API you are required to request the scope intranet as well.|
 |state|Random String|Random string to prevent cross-site-request-forgery attacks.|
+|prompt|consent|prompt=consent is required if you would like to obtain an refresh token|
 Example authentication request:
 <code>
-https://accounts.tam.ch/auth?redirect_uri=https://cloudfs.tam.ch&scope=openid offline_access&client_id=my_client_id&response_type=code
+https://accounts.tam.ch/auth?redirect_uri=https://cloudfs.tam.ch&scope=openid offline_access&client_id=my_client_id&response_type=code&prompt=consent
 </code>
@@ Zeile 353: / Zeile 354: @@
 </code>
-==== Revocation ====
+==== Revoke tokens ====
 An endpoint for token revocation is available at [[https://accounts.tam.ch/revoke|https://accounts.tam.ch/revoke]] (See discovery). The revocation endpoint can be queried with an access_token or a refresh_token to revoke this token.
@@ Zeile 372: / Zeile 373: @@
 ==== Single-Sign-on Button ====
-You can use this button to link to our AAI infrastructure for both Shibboleth an OpenID-connect apps.
+You should use this button to link to our AAI infrastructure for both Shibboleth an OpenID-connect apps.
 {{:10_public:button_aai_login.png}}