Manage Authorization Clients
The Authorization Service uses
To specify which applications can access Access Control Resources (ACRs). Only the clients whose Solid-OIDC Client IDs are in the list can modify the ACRs (i.e., modify access policies for resources).
To create the Initial ACP Policies when a Pod is created. Specifically, the initial policies allow only the clients whose Client IDs are in the list (at the time of the Pod creation) to read and write to the Pod.
INRUPT_AUTHORIZATION_CLIENT_ID_ALLOW_LIST only affects the initial policies during Pod creation. Once the initial policies have been created, any change to the list has no effect on existing policies.
Both Authorization Service and
Pod Storage Service have a
Only the Authorization Service setting affects which clients are allowed.
The Pod Storage Service is for
Discovery purposes only. As such, the
Pod Storage Service should reflect the values set in the
The following customization updates:
INRUPT_AUTHORIZATION_CLIENT_ID_ALLOW_LIST for Authorization Service and
INRUPT_AUTHORIZATION_CLIENT_ID_ALLOW_LIST for Pod Storage Service.
Go to your ESS installation directory:
authz-client-id-allow-list.yaml file with the following content:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: ess-authorization-acp
spec:
  template:
    spec:
      containers:
        - env:
            - name: INRUPT_AUTHORIZATION_CLIENT_ID_ALLOW_LIST
              value: https://myApp.example.com/appid,https://podbrowser.inrupt.com/api/app
          name: ess-authorization-acp

podconfig-client-id-allow-list.yaml file with the following content:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: ess-pod-storage
spec:
  template:
    spec:
      containers:
        - env:
            - name: INRUPT_AUTHORIZATION_CLIENT_ID_ALLOW_LIST
              value: https://myApp.example.com/appid,https://podbrowser.inrupt.com/api/app
          name: ess-pod-storage

kustomization.yaml (i.e., step 3 of the Applying Your Customizations procedure) to use
Specifically, add the highlighted content to the
kustomization.yaml file to the
patches key does not exist in
kustomization.yaml, add the
patches key as well.

# kustomization.yaml in your ESS installation directory
# ... Preceding content omitted for brevity
# ...
patches:
  - path: authz-client-id-allow-list.yaml
  - path: podconfig-client-id-allow-list.yaml

Continue with the rest of the Applying Your Customizations procedure.
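
A pre-apply check for the two patch files above, as an added example that is not part of the ESS documentation: it confirms that the Pod Storage Service patch carries the same Client IDs as the Authorization Service patch. The function names (allow_list_of, check_allow_lists, write_patch) are hypothetical, and the https-only rule and the order-insensitive comparison are assumptions of this check, not documented ESS behavior.

```shell
#!/usr/bin/env bash
# Pre-apply check (added example): both patches must carry the same allow list.

VAR=INRUPT_AUTHORIZATION_CLIENT_ID_ALLOW_LIST

# Print the Client IDs set for $VAR in a patch file, one per line, sorted.
# Assumes the "value:" line follows the "name:" line, as in the patches above.
allow_list_of() {
  awk -v var="$VAR" '
    $NF == var && /name:/   { want = 1; next }
    want && $1 == "value:"  { sub(/^[^:]*:[ \t]*/, ""); print; exit }
    /name:/                 { want = 0 }
  ' "$1" | tr -d "\"'" | tr ',' '\n' \
    | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -v '^$' | sort -u
}

# Return 0 if the lists match, 1 on drift, 2 if missing, 3 on a non-https entry.
check_allow_lists() {
  authz=$(allow_list_of "$1"); pod=$(allow_list_of "$2")
  [ -n "$authz" ] || { echo "no $VAR in $1" >&2; return 2; }
  # Assumption for this check: every Client ID is an absolute https URL.
  bad=$(printf '%s\n' "$authz" | grep -Ev '^https://[^/[:space:]]+(/[^[:space:]]*)?$' || true)
  [ -z "$bad" ] || { echo "not an https Client ID: $bad" >&2; return 3; }
  # Compared as sets: order and duplicates are ignored (assumption).
  [ "$authz" = "$pod" ] || { echo "Pod Storage list differs from Authorization list" >&2; return 1; }
}

# Constructed sample patch (same shape as the files above) for trying the check.
write_patch() {  # write_patch FILE DEPLOYMENT VALUE
  cat > "$1" <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: $2
spec:
  template:
    spec:
      containers:
        - env:
            - name: $VAR
              value: $3
          name: $2
EOF
}

# Usage in the ESS installation directory:
#   check_allow_lists authz-client-id-allow-list.yaml podconfig-client-id-allow-list.yaml
```

Because the list only seeds the initial policies at Pod creation, run the check before applying the customization rather than after Pods exist.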