Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
| Beide Seiten der vorigen Revision Vorhergehende Überarbeitung Nächste Überarbeitung | Vorhergehende Überarbeitung | ||
|
10_public:3rd_party_app_development [2018/08/07 09:56] raffael.sahli [Resource server] |
10_public:3rd_party_app_development [2019/05/10 07:47] (aktuell) raffael.sahli [OpenID Connect] |
||
|---|---|---|---|
| Zeile 7: | Zeile 7: | ||
| - App name | - App name | ||
| - App description | - App description | ||
| - | - App logo (OPTIONAL) | + | - HTTPS-URL to App logo (OPTIONAL) |
| - Protocol (OpenID Connect or Shibboleth) (Usually you want OpenID Connect here). | - Protocol (OpenID Connect or Shibboleth) (Usually you want OpenID Connect here). | ||
| - | |||
| ==== Shibboleth ==== | ==== Shibboleth ==== | ||
| - | If you have choosen Shibboleth for nr. 4, wee need the following additional information: | + | If you have choosen Shibboleth for nr. 4, we need the following additional information: |
| - URL to your SP (service provider) Metadata | - URL to your SP (service provider) Metadata | ||
| + | |||
| ==== OpenID Connect ==== | ==== OpenID Connect ==== | ||
| - | If you have choosen OpenID Connect for nr. 4, wee need the following additional information: | + | If you have choosen OpenID Connect for nr. 4, we need the following additional information: |
| - Client authentication method (Usually you want "client_secret_post" here) (See [[http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication|OpenID-Connect Specification part 9]]) | - Client authentication method (Usually you want "client_secret_post" here) (See [[http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication|OpenID-Connect Specification part 9]]) | ||
| - App type (Android app, JavaScript app, desktop app, webserver app, …) | - App type (Android app, JavaScript app, desktop app, webserver app, …) | ||
| - redirect_uri | - redirect_uri | ||
| + | |||
| ===== Resource server ===== | ===== Resource server ===== | ||
| Zeile 32: | Zeile 33: | ||
| |IN2|v1|[[https://api.tam.ch|https://api.tam.ch]]|JSON/XML REST| | |IN2|v1|[[https://api.tam.ch|https://api.tam.ch]]|JSON/XML REST| | ||
| |balloon|v1 / v2|[[https://balloon.tam.ch/api|https://balloon.tam.ch/api]]|JSON/XML REST| | |balloon|v1 / v2|[[https://balloon.tam.ch/api|https://balloon.tam.ch/api]]|JSON/XML REST| | ||
| - | |||
| - | \\ | ||
| - | |||
| ===== Shibboleth ===== | ===== Shibboleth ===== | ||
| Zeile 105: | Zeile 103: | ||
| |tam_uuid|truly unique user identifier|intranet| | |tam_uuid|truly unique user identifier|intranet| | ||
| |uid|username (only unique in each organization )|intranet| | |uid|username (only unique in each organization )|intranet| | ||
| - | |||
| - | \\ | ||
| - | |||
| ==== Authorization Code Flow ==== | ==== Authorization Code Flow ==== | ||
| Zeile 375: | Zeile 370: | ||
| If the client credentials were valid, the server responds with a HTTP status 200, meaning the token is revoked. | If the client credentials were valid, the server responds with a HTTP status 200, meaning the token is revoked. | ||
| - | |||
| - | \\ | ||
| - | |||
| ==== Single-Sign-on Button ==== | ==== Single-Sign-on Button ==== | ||
| Zeile 384: | Zeile 376: | ||
| {{:10_public:button_aai_login.png}} | {{:10_public:button_aai_login.png}} | ||
| + | |||
| + | \\ | ||