Manage Authorization Clients
To specify which applications can access Access Control Resources (ACRs). Only the clients whose Solid-OIDC Client IDs are in the list can modify the ACRs (i.e., modify access policies for resources).
To create the Initial ACP Policies when a Pod is created. Specifically, the initial policies allow only the clients whose Client IDs are in the list (at the time of Pod creation) to read and write to the Pod.
INRUPT_AUTHORIZATION_CLIENT_ID_ALLOW_LIST only affects the initial policies during Pod creation. Once the initial policies have been created, any change to the list has no effect on existing policies.
Only the Authorization Service setting affects which clients are allowed.
The following customization updates:
Go to your ESS installation directory:
authz-client-id-allow-list.yaml file with the following content:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: ess-authorization-acp
    spec:
      template:
        spec:
          containers:
            - env:
                - name: INRUPT_AUTHORIZATION_CLIENT_ID_ALLOW_LIST
                  value: https://myApp.example.com/appid,https://podbrowser.inrupt.com/api/app
              name: ess-authorization-acp

podconfig-client-id-allow-list.yaml file with the following content:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: ess-pod-storage
    spec:
      template:
        spec:
          containers:
            - env:
                - name: INRUPT_AUTHORIZATION_CLIENT_ID_ALLOW_LIST
                  value: https://myApp.example.com/appid,https://podbrowser.inrupt.com/api/app
              name: ess-pod-storage

Specifically, add the highlighted content to the kustomization.yaml file. If the patches key does not exist in kustomization.yaml, add the patches key as well.

    # kustomization.yaml in your ESS installation directory
    # ... Preceding content omitted for brevity
    # ...
    patches:
      - path: authz-client-id-allow-list.yaml
      - path: podconfig-client-id-allow-list.yaml
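
The two patch files set INRUPT_AUTHORIZATION_CLIENT_ID_ALLOW_LIST independently, so the lists can drift apart or pick up malformed entries before they are applied. The following check is an added example, not part of the ESS documentation or tooling: it reads the value from each patch, flags suspect entries, and reports Client IDs present in only one list. Assumptions: the regex extraction relies on `value:` directly following `name:` as in the patches above, the https-only rule is this example's own policy, and the pod-storage sample value is constructed to trigger the checks.

```python
import re
from urllib.parse import urlsplit

SETTING = "INRUPT_AUTHORIZATION_CLIENT_ID_ALLOW_LIST"

# Constructed samples: the env fragment of each patch file. The pod-storage
# value is deliberately wrong (http entry, trailing comma) to show the checks.
AUTHZ_PATCH = """\
        - env:
            - name: INRUPT_AUTHORIZATION_CLIENT_ID_ALLOW_LIST
              value: https://myApp.example.com/appid,https://podbrowser.inrupt.com/api/app
          name: ess-authorization-acp
"""
POD_STORAGE_PATCH = """\
        - env:
            - name: INRUPT_AUTHORIZATION_CLIENT_ID_ALLOW_LIST
              value: https://myApp.example.com/appid,http://legacy.example.com/appid,
          name: ess-pod-storage
"""

def allow_list(patch_text):
    """Raw entries of the setting; assumes `value:` directly follows `name:`."""
    m = re.search(rf"name:\s*{SETTING}[ \t]*\n\s*value:[ \t]*(.*)", patch_text)
    if m is None:
        raise ValueError(f"{SETTING} not set in patch")
    return m.group(1).strip().strip("\"'").split(",")

def lint(entries):
    """Flag empty, padded, duplicate or non-https entries (https is this example's policy)."""
    problems, seen = [], set()
    for e in entries:
        url = urlsplit(e)
        if not e or e != e.strip():
            problems.append((e, "empty or padded entry"))
        elif url.scheme != "https" or not url.netloc:
            problems.append((e, "not an absolute https URL"))
        elif e in seen:
            problems.append((e, "duplicate"))
        seen.add(e)
    return problems

def drift(authz_entries, pod_storage_entries):
    """Client IDs present in one service's list but not the other."""
    a, p = set(authz_entries) - {""}, set(pod_storage_entries) - {""}
    return {"only_authz": sorted(a - p), "only_pod_storage": sorted(p - a)}

if __name__ == "__main__":
    authz, pod = allow_list(AUTHZ_PATCH), allow_list(POD_STORAGE_PATCH)
    print(lint(authz), lint(pod), drift(authz, pod), sep="\n")
```

To check real files, pass the text of authz-client-id-allow-list.yaml and podconfig-client-id-allow-list.yaml to `allow_list` in place of the constructed samples.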