Skip to content

Client Applications

The Administration > Client Applications page allows the administrator of the system to configure authentication and authorization using Login Accounts for adapter hub services or other related applications.

  • Client applications are configured, by default, with the Authorization Code Grant Type, which can be used with PKCE for single-page applications (SPAs) and mobile apps.
  • This replaces the previous default of the Implicit Grant Type, which is no longer recommended.

Add or Edit Client Applications

Client Applications can be created and modified using the Administration > Client Applications page.

Each application must have:

  • A unique clientId
  • A display name, used to display the client application and its roles in Login Accounts
  • One or more locations, where authentication details are returned after logging in to this client
  • The locations will be URL(s) specific to this client's host, and should be secure (HTTPS)

The application may also assign:

  • The accessTokenLifetimeSeconds, which configure how long access tokens issued for this client should be valid
  • One or more grantTypes, which specify how access tokens are acquired by the client application
  • One or more logoutLocations, which can be used to return to the client application after signing out
  • The logoutLocations will also be URL(s) specific to this client's host, and should be secure (HTTPS)
  • One or more scopes, which specify what information should be accessible by this application
  • The common "openid", "profile", and "email" scopes may be specified to return information about the Login Account; other application-specific scopes may be added for specific access to the Client Application
  • Application-specific scopes must be unique across all applications (i.e. - you cannot re-use these scopes used by other applications)
  • One or more roles may be configured to assign role information to Login Accounts

Roles and Scopes are returned in the access token issued to this client application so that the application can control authorization to its resources.

When using a client application, you can import a JSON file containing a template for the application's settings. A simple example of a client application template:

{
  "clientId": "myClient",
  "name": "Client Application",
  "accessTokenLifetimeSeconds": 3600,
  "locations": [
    "https://myclient.domain.com/callback"
  ],
  "logoutLocations": [
    "http://myclient.domain.com"
  ],
  "grantTypes": [
    "authorization_code"
  ]
  "scopes": [
    "openid",
    "profile",
    "myscope"
  ],
  "roles": [
    "Admin",
    "User"
  ]
}

Delete Client Applications

Removing a client application will prevent it from using UIP for authentication and authorization services. In order to remove the application, any logins with roles assigned for that application must be modified.