Required information about the client
Before configuring a new OAuth client in Argus, we need the following information about the client:
The main URI (landing page) to point to for the application
The redirect_uri (callback URI) to redirect back to
The IP addresses or ranges the client will use when requesting the access token, which Argus uses to protect against hijacked authorization tokens.
Defining the client in Argus
Defining an OAuth2 Client is generally done by an administrator.
To define a new OAuth2 Client:
```
# requiredFunction: a special access function, which is required for the user to get access
# permissionScope:  DATASTORE-VIEWER allows the client to access the datastore, read only
# clientIPRange:    the range(s) the application is known to run in
# clientSecret:     share this secret with the OAuth2 client, to allow it to contact the Token endpoint
curl -XPOST -H "Argus-API-Key: my/api/key" https://api.mnemonic.no/authentication/v1/oauth/client -d '{
  "shortName": "myclient",
  "name": "My OAuth Client",
  "description": "This is the description of the client",
  "customer": "mycustomer",
  "mainURI": "https://my.application",
  "redirectURI": "https://my.application/oauth/callback",
  "requiredFunction": "myAccessFunction",
  "permissionScope": "DATASTORE-VIEWER",
  "clientIPRange": ["192.168.1.0/24"],
  "clientSecret": "mySecretPassword"
}'
```
Tip
The "clientSecret" option is only used for secure clients when using the Authorization Code Flow. It is not required when using the implicit or client credentials flow. To create a client without a password, the client must be configured explicitly with the configuration option "authenticationMethod": "none".
The returned OAuth2 Client definition contains the client ID, which should be configured on the client for use in the OAuth2 protocol exchange:
```
{
  "id": "021269c5-04c3-4399-a206-32659c489803", ...
}
```
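A pre-flight check that can be run on a client definition before it is POSTed, as an added example that is not part of the Argus API or its documentation. The function name, the same-host rule and the prefix thresholds are assumptions of this example; the field names and the "authenticationMethod": "none" rule come from this page.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed policy: narrowest acceptable prefix per IP version (not an Argus rule).
MIN_PREFIX = {4: 16, 6: 48}

def lint_client(defn):
    """Return findings for an OAuth client definition; an empty list means OK."""
    findings = []
    redirect = urlsplit(defn.get("redirectURI", ""))
    if redirect.scheme != "https" or not redirect.hostname:
        findings.append("redirectURI must be an absolute https:// URI")
    if redirect.fragment:
        findings.append("redirectURI must not contain a fragment")
    # Assumed policy: the callback lives on the same host as the landing page.
    if redirect.hostname != urlsplit(defn.get("mainURI", "")).hostname:
        findings.append("redirectURI host differs from mainURI host")
    for cidr in defn.get("clientIPRange", []):
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            findings.append(f"clientIPRange entry {cidr!r} is not a valid network")
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            findings.append(f"clientIPRange entry {cidr!r} is too broad to pin the client")
    # Rule from the Tip: a client without a secret must say so explicitly.
    has_secret = bool(defn.get("clientSecret"))
    no_auth = defn.get("authenticationMethod") == "none"
    if not has_secret and not no_auth:
        findings.append('no clientSecret: set "authenticationMethod": "none" explicitly')
    if has_secret and no_auth:
        findings.append('clientSecret is set although "authenticationMethod" is "none"')
    return findings

# The definition from this page, then a constructed definition with mistakes.
PAGE_EXAMPLE = {
    "shortName": "myclient", "mainURI": "https://my.application",
    "redirectURI": "https://my.application/oauth/callback",
    "clientIPRange": ["192.168.1.0/24"], "clientSecret": "mySecretPassword",
}
BROKEN = {
    "shortName": "badclient", "mainURI": "https://my.application",
    "redirectURI": "http://other.example/cb#frag",
    "clientIPRange": ["0.0.0.0/0", "10.0.0.300/24"],
}

if __name__ == "__main__":
    for name, defn in (("page example", PAGE_EXAMPLE), ("broken", BROKEN)):
        print(name, lint_client(defn) or "OK")
```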
Updating an OAuth2 Client
The update endpoint allows changing the properties of the configured client after it was created.
See the Swagger API documentation for details.
```
curl -XPUT -H "Argus-API-Key: my/api/key" https://api.mnemonic.no/authentication/v1/oauth/client/myclient -d '{
  "name": "A better name for my OAuth client"
}'
```