Application Registration#

Added in version 2.0.

By default, ESS’ Broker Service supports static registration of client applications. Using the Application Registration feature, users can statically register their applications to receive client credentials (i.e., Client ID and Client Secret). ESS’ application registration returns Client ID of type UUID. [1]

Warning

Safeguard your Client ID and Client Secret values. Do not share these with any third parties as anyone with your Client ID and Client Secret values can impersonate you and act fully on your behalf.

With these client credentials, your applications can perform authentication flow without the need for browser-based user interactions with the Identity Provider.

To Register#

  1. Go to the Application Registration page; e.g., https://openid.<ESSDOMAIN>/registration.html.

  2. If not already logged in, you will redirect to the login page. Log in with your username and password.

  3. In the Register an app textbox, enter your application’s name and click Register.

  4. The Client ID and Client Secret for your application appears under Apps You’ve Registered list.

    Note

    • You can register up to 10 applications.

    • You can delete an application’s registration by clicking on the three-dot icon and selecting Delete app from the menu.

Authenticate with Client Credentials#

Once you have registered the application, you can use its client credentials in the application’s login code. Specifically, your application can perform Client Credentials flow.

Tip

To create an ACP policy that allows your registered client to access your Pod data, see Create Policy for Client Applications.

You can use the registered client credentials with Inrupt’s Java Client Library to create an authenticated session. Once you have the authenticated session, you can create a client for the session and perform authenticated operations:

/**
 * Note 1: OpenIdSession.ofClientCredentials
 * Using the client credentials, create an authenticated session.
 */

final Session session = OpenIdSession.ofClientCredentials(
        URI.create(System.getenv("MY_SOLID_IDP")).normalize(),
        System.getenv("MY_SOLID_CLIENT_ID"),
        System.getenv("MY_SOLID_CLIENT_SECRET"),
        "client_secret_basic");

/**
 * Note 2: SolidSyncClient
 * Instantiates a synchronous client for the authenticated session.
 * The client has methods to perform CRUD operations.
 */
final SolidSyncClient client = SolidSyncClient.getClient().session(session);

/**
 * Note 3: SolidSyncClient.read()
 * Using the SolidSyncClient client.read() method,
 * - Reads the RDF resource into the Expense class, which extends SolidRDFSource class
 */
final URI uri = URI.create(resourceURL).normalize();
try (Expense resource = client.read(uri, Expense.class)) {
   // Various Processing

} catch (NotFoundException e1) {

    // ...
} catch(ForbiddenException e2) {
    // ...
} catch(Exception e) {
   // ...
}

For more information on the Java Client Library, see:

Configuration#

To disable the Register an Application feature, set INRUPT_OPENID_CATALOG_DISABLED to true.