docs: add details to curl command guide (#3437)

* docs: add more details about client creation * docs: remove redundant content
JanssenProject · Dec 28, 2022 · 62f858c · 62f858c
1 parent 4daf5d0
commit 62f858c
Showing 1 changed file with 144 additions and 20 deletions.
diff --git a/docs/admin/config-guide/curl.md b/docs/admin/config-guide/curl.md
@@ -20,7 +20,7 @@ For the client_id and client_secret, contact your administrator.
 
 ```
 curl -u "client_inum:client_secret" https://<your.jans.server>/jans-auth/restv1/token \
-    -d  "grant_type=client_credentials&scope=put_scope_name_here
+    -d  "grant_type=client_credentials&scope=put_scope_name_here"
 ```
 
 **Example**: 
@@ -65,17 +65,67 @@ Examples of `name_of_the_script` ( Authentication methods that are present in th
 
 ### Client creation
 
-#### Steps:
+1. Creating a client with minimal upfront configuration requires only `redirectUris` in following format. Add following content in a text file and save it as client.json. 
+```json
+{
+  "redirectUris": [
+  "http://localhost:8080"
+  ]  
+}
+```
+In place of `http://localhost:8080` uri used above, any valid redirect URI can be used.
+To provide full client configuration at the time of creation, Download and use this 
+[json format](https://raw.githubusercontent.com/JanssenProject/jans/main/jans-config-api/server/src/test/resources/feature/openid/clients/client.json), 
+update the values and save it as client.json. Few important fields to populate are `scope`,`responseTypes`,
+`redirectUris` (The only mandatory field), `grantTypes`. If there is a need to update the attributes of the client after 
+creation, then make sure that the client is created with `grantTypes` list having `client_credentials` grant type as well.
 
-1. Download this [json file](https://raw.githubusercontent.com/JanssenProject/jans/main/jans-config-api/server/src/test/resources/feature/openid/clients/client.json), update the values and save it as client.json.
-   <br/>Few important fields to populate are `scope`,`responseTypes`,`redirectUris` (The only mandatory field), `grantTypes`
 1. Run curl command
 ```
 curl -X POST https://my.jans.server/jans-auth/restv1/register \ 
      -H "Content-Type: application/json"  -d @/some/directory/client.json
 ```
 
-### Get Client Scopes
+If client is created successfully, response similar to below will be received:
+
+```json
+{
+    "allow_spontaneous_scopes": false,
+    "application_type": "web",
+    "rpt_as_jwt": false,
+    "registration_client_uri": "https://my.jans.server/jans-auth/restv1/register?client_id=994ec0a7-1143-456c-85ca-66ba592d7f9a",
+    "tls_client_auth_subject_dn": "",
+    "run_introspection_script_before_jwt_creation": false,
+    "registration_access_token": "d34f30ff-ae31-4760-8b67-ef071ba9ee68",
+    "client_id": "994ec0a7-1143-456c-85ca-66ba592d7f9a",
+    "token_endpoint_auth_method": "client_secret_basic",
+    "scope": "openid profile permission https://jans.io/auth/ssa.portal uma_protection work_phone phone address test https://jans.io/auth/ssa.admin user_name email clientinfo device_sso org_name https://jans.io/auth/ssa.developer offline_access",
+    "client_secret": "da4c17de-b6bc-4f25-b642-4c7b887c7860",
+    "client_id_issued_at": 1672221633,
+    "backchannel_logout_uri": [],
+    "backchannel_logout_session_required": false,
+    "par_lifetime": 600,
+    "spontaneous_scopes": [],
+    "id_token_signed_response_alg": "RS256",
+    "access_token_as_jwt": false,
+    "grant_types": [
+        "authorization_code",
+        "refresh_token"
+    ],
+    "subject_type": "pairwise",
+    "keep_client_authorization_after_expiration": false,
+    "require_par": false,
+    "redirect_uris_regex": "",
+    "additional_audience": [],
+    "frontchannel_logout_session_required": false,
+    "client_secret_expires_at": 1672308033,
+    "access_token_signing_alg": "RS256",
+    "response_types": ["code"]
+}
+```
+Response contains `client_id` and `client_secret` apart from other client configuration details.
+
+### Get Client Details
 
 1. Obtain an Access Token with scope `https://jans.io/oauth/config/openid/clients.readonly`.
 ```
@@ -87,7 +137,95 @@ curl -X POST https://my.jans.server/jans-auth/restv1/register \
 curl -X GET https://my.jans.server/jans-config-api/api/v1/openid/clients/client-s_inum_for_which_scope_to_be_added 
    -H "Authorization: Bearer put_access_token_here"
 ``` 
-3. Notice the `scope` field. It is a space-separated String of scope values e.g `"scope" : "openid user_name "`. 
+3. This will return JSON response similar to the one below. 
+```json
+{
+   "dn":"inum=994ec0a7-1143-456c-85ca-66ba592d7f9a,ou=clients,o=jans",
+   "expirationDate":"2022-12-29T10:00:33",
+   "deletable":true,
+   "clientSecret":"5Mlvuh0JRwl/WcpiUNGGXjtDO4+SprNBjiVFFcWqWB4gu7gYxqcSMw==",
+   "frontChannelLogoutSessionRequired":false,
+   "redirectUris":[
+      "http://localhost:8080"
+   ],
+   "responseTypes":[
+      "code"
+   ],
+   "grantTypes":[
+      "authorization_code",
+      "refresh_token",
+      "client_credentials"
+   ],
+   "applicationType":"web",
+   "clientName":"dd-test-client",
+   "clientNameLocalized":{
+
+   },
+   "logoUriLocalized":{
+
+   },
+   "clientUriLocalized":{
+
+   },
+   "policyUriLocalized":{
+
+   },
+   "tosUriLocalized":{
+
+   },
+   "subjectType":"pairwise",
+   "idTokenSignedResponseAlg":"RS256",
+   "tokenEndpointAuthMethod":"client_secret_basic",
+   "scopes":[
+      "inum=F0C4,ou=scopes,o=jans",
+      "inum=43F1,ou=scopes,o=jans",
+      "inum=C4F5,ou=scopes,o=jans",
+      "inum=SSA1-PTL1,ou=scopes,o=jans",
+      "inum=6D99,ou=scopes,o=jans",
+      "inum=7D02,ou=scopes,o=jans",
+      "inum=D491,ou=scopes,o=jans",
+      "inum=C17A,ou=scopes,o=jans",
+      "inum=0465-1DEA,ou=scopes,o=jans",
+      "inum=SSA1-AD01,ou=scopes,o=jans",
+      "inum=10B2,ou=scopes,o=jans",
+      "inum=764C,ou=scopes,o=jans",
+      "inum=341A,ou=scopes,o=jans",
+      "inum=C4F8,ou=scopes,o=jans",
+      "inum=7D01,ou=scopes,o=jans",
+      "inum=SSA1-DEV1,ou=scopes,o=jans",
+      "inum=C4F6,ou=scopes,o=jans"
+   ],
+   "trustedClient":false,
+   "persistClientAuthorizations":true,
+   "includeClaimsInIdToken":false,
+   "customAttributes":[
+
+   ],
+   "customObjectClasses":[
+      "top"
+   ],
+   "rptAsJwt":false,
+   "accessTokenAsJwt":false,
+   "accessTokenSigningAlg":"RS256",
+   "disabled":false,
+   "attributes":{
+      "runIntrospectionScriptBeforeJwtCreation":false,
+      "keepClientAuthorizationAfterExpiration":false,
+      "allowSpontaneousScopes":false,
+      "backchannelLogoutSessionRequired":false,
+      "parLifetime":600,
+      "requirePar":false,
+      "jansDefaultPromptLogin":false,
+      "minimumAcrLevel":-1
+   },
+   "backchannelTokenDeliveryMode":"poll",
+   "backchannelUserCodeParameter":false,
+   "displayName":"dd-test-client",
+   "authenticationMethod":"client_secret_basic",
+   "baseDn":"inum=994ec0a7-1143-456c-85ca-66ba592d7f9a,ou=clients,o=jans",
+   "inum":"994ec0a7-1143-456c-85ca-66ba592d7f9a"
+}
+``` 
 
 ### Add New Scope to Client 
 
@@ -111,20 +249,6 @@ curl -X PATCH -k -H 'Content-Type: application/json-patch+json' \
      ]'
 ```
 
-### Get grant_types For Client
-
-1. Obtain an Access Token with scope `https://jans.io/oauth/config/openid/clients.readonly`.
-```
- curl -u "put_client_id:put_config_api_client_secret_here" https://<your.jans.server>/jans-auth/restv1/token \
-      -d  "grant_type=client_credentials&scope=https://jans.io/oauth/config/openid/clients.readonly" 
-```
-2. Obtain client information using:
-```
- curl -X GET https://my.jans.server/jans-config-api/api/v1/openid/clients/client-s_inum_for_which_grant_types_to_check \ 
-      -H "Authorization: Bearer put_access_token_here"
-``` 
-3. Notice the `grant_types` field in the response.  
-
 ### Add OpenID scope and map to database attribute
 
 1. Obtain access token