Required information about the client

Before configuring a new OAuth client in Argus, we need the following information about the client:

  • The main URI (landing page) to point to for the application
  • The redirect_uri (callback URI) to redirect back to
  • The IP(-ranges) the client will use when requesting the access token, which Argus uses to protect against hijacked authorization tokens.

Defining the client in Argus

Defining an OAuth2 Client is generally done by an administrator.

To define a new OAuth2 Client:

# requiredFunction: a special access function, which is required for the user to get access
# permissionScope:  DATASTORE-VIEWER allows the client to access the datastore, read only
# clientIPRange:    the IP range(s) this application runs from
# clientSecret:     share this secret with the OAuth2 client, to allow it to contact the Token endpoint
curl -XPOST -H"Argus-API-Key: my/api/key" https://api.mnemonic.no/authentication/v1/oauth/client -d '{
    "shortName": "myclient",
    "name": "My OAuth Client",
    "description": "This is the description of the client",
    "customer": "mycustomer",
    "mainURI": "https://my.application",
    "redirectURI": "https://my.application/oauth/callback",
    "requiredFunction": "myAccessFunction",
    "permissionScope": "DATASTORE-VIEWER",
    "clientIPRange": ["192.168.1.0/24"],
    "clientSecret": "mySecretPassword"
}'

Tip

The "clientSecret" option is only used for secure clients when using the Authorization Code Flow. When using the implicit or client credentials flow, it is not required. To create a client without a secret, the client must be configured explicitly with the configuration option "authenticationMethod":"none".

The returning OAuth2 Client definition contains the client ID, which should be configured on the client to be used in the OAuth2 protocol exchange:

{
  "id": "021269c5-04c3-4399-a206-32659c489803", ...
}
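
A local pre-flight check for a client definition before it is sent to the create endpoint, as an added example that is not part of the Argus documentation or API. The `lint_client` function, the `MIN_PREFIX` thresholds and the same-host rule are assumptions for illustration; the field names come from the request above.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: the client definition from the create request above.
SAMPLE = {
    "shortName": "myclient",
    "mainURI": "https://my.application",
    "redirectURI": "https://my.application/oauth/callback",
    "clientIPRange": ["192.168.1.0/24"],
    "clientSecret": "mySecretPassword",
}

# Assumed review thresholds (narrowest acceptable prefix), not Argus limits.
MIN_PREFIX = {4: 16, 6: 48}


def lint_client(definition):
    """Return a list of findings for a client definition (empty list = clean)."""
    findings = []
    main = urlsplit(definition.get("mainURI", ""))
    redirect = urlsplit(definition.get("redirectURI", ""))

    for field, uri in (("mainURI", main), ("redirectURI", redirect)):
        if uri.scheme != "https" or not uri.hostname:
            findings.append(f"{field}: must be an absolute https URI")
    if redirect.fragment:  # RFC 6749 forbids a fragment in the redirection URI
        findings.append("redirectURI: must not contain a fragment")
    if main.hostname and redirect.hostname and main.hostname != redirect.hostname:
        findings.append("redirectURI: host differs from mainURI host")

    ranges = definition.get("clientIPRange") or []
    if not ranges:
        findings.append("clientIPRange: no range given")
    for cidr in ranges:
        try:
            net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits
        except ValueError as exc:
            findings.append(f"clientIPRange: {cidr!r} invalid ({exc})")
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            findings.append(f"clientIPRange: {cidr} is broader than /{MIN_PREFIX[net.version]}")

    # Per the Tip: a client without a secret must declare that explicitly.
    if not definition.get("clientSecret") and definition.get("authenticationMethod") != "none":
        findings.append('clientSecret: missing and "authenticationMethod" is not "none"')
    return findings
```
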

Updating an OAuth2 Client

The update endpoint allows changing the properties of the configured client after it was created.

See the OpenAPI specification for details.

curl -XPUT -H"Argus-API-Key: my/api/key" https://api.mnemonic.no/authentication/v1/oauth/client/myclient -d '{ "name": "A better name for my OAuth client" }'