Document toolboxDocument toolbox

Vidispine

Creating a new Service Agent [VF 21.4 IG]

When creating a new service, or agent to integrate with VidiFlow, the service/agent needs to register itself into the Authentication service in order to authenticate.
Please Note: Although the new service/agent can reuse the existing configuration, it is not recommended to do so for security concern and better configuration separations.
A new client can be done directly in the SWAGGER UI.

Path Swagger Reference: Creating a new Authentication Client

POST  /v1/Client

Sample Client Body Definition (Implicit)

{ "enabled": true, "clientId": "{{clientId}}", "protocolType": "oidc", "clientSecrets": [ { "description": null, "value": "{{clientSecret}}", "expiration": null, "type": "SharedSecret" } ], "requireClientSecret": false, "clientName": "Description for the client service", "clientUri": null, "logoUri": null, "requireConsent": false, "allowRememberConsent": true, "allowedGrantTypes": [ "authorization_code", "client_credentials" ], "requirePkce": false, "allowPlainTextPkce": false, "allowAccessTokensViaBrowser": true, "redirectUris": [ https://webserver/oauth2/callback // The url to be called once user successfully login ], "postLogoutRedirectUris": [ http://webserver/signout-callback-oidc // The urls to be called when the user successfully logout ], "frontChannelLogoutUri": null, "frontChannelLogoutSessionRequired": true, "backChannelLogoutUri": null, "backChannelLogoutSessionRequired": true, "allowOfflineAccess": true, "allowedScopes": [ "identityscope", // Scopes that the client allowed to use "openid", "profile" ], "alwaysIncludeUserClaimsInIdToken": false, "identityTokenLifetime": 1800, "accessTokenLifetime": 1800, "authorizationCodeLifetime": 300, "absoluteRefreshTokenLifetime": 2592000, "slidingRefreshTokenLifetime": 1296000, "consentLifetime": null, "refreshTokenUsage": 1, "updateAccessTokenClaimsOnRefresh": false, "refreshTokenExpiration": 1, "accessTokenType": 0, "enableLocalLogin": true, "identityProviderRestrictions": [], "includeJwtId": false, "claims": [], // The claims the client are allowed. Refer to the following section "alwaysSendClientClaims": true, "clientClaimsPrefix": "client_", "pairWiseSubjectSalt": null, "allowedCorsOrigins": [ http://webserver // The web site/services that allowed to use the client (CORS Policy) ], "properties": {} }

 

Sample Client Body Definition (Client Credentials)

{ "enabled": true, "clientId": {{clientId}}, "protocolType": "oidc", "clientSecrets": [ { "description": null, "value": {{clientSecret}}, "expiration": null, "type": "SharedSecret" } ], "requireClientSecret": false, "clientName": "Description of the client service", "clientUri": null, "logoUri": null, "requireConsent": true, "allowRememberConsent": true, "allowedGrantTypes": [ "client_credentials" ], "requirePkce": false, "allowPlainTextPkce": false, "allowAccessTokensViaBrowser": true, "redirectUris": [], "postLogoutRedirectUris": [], "frontChannelLogoutUri": null, "frontChannelLogoutSessionRequired": true, "backChannelLogoutUri": null, "backChannelLogoutSessionRequired": true, "allowOfflineAccess": true, "allowedScopes": [ "api1", // Scopes that the client allowed to use "configportalscope" ], "alwaysIncludeUserClaimsInIdToken": false, "identityTokenLifetime": 300, "accessTokenLifetime": 3600, "authorizationCodeLifetime": 300, "absoluteRefreshTokenLifetime": 2592000, "slidingRefreshTokenLifetime": 1296000, "consentLifetime": null, "refreshTokenUsage": 1, "updateAccessTokenClaimsOnRefresh": false, "refreshTokenExpiration": 1, "accessTokenType": 0, "enableLocalLogin": true, "identityProviderRestrictions": [], "includeJwtId": false, "claims": [], // The claims the client are allowed. Refer to the following section "alwaysSendClientClaims": true, "clientClaimsPrefix": "", "pairWiseSubjectSalt": null, "allowedCorsOrigins": [ ], // Not required unless this is a web service "properties": {} }

The ClientId and ClientSecret should be unique for each service/agent. They can be auto-generated GUID for the sake of simplicity.