How-Tos
Applications
Add and Manage Applications
add and manage applications receiving data from other organisations generate applications docid\ at1zjk4wwrastj pdhvhx to register client applications at data providers docid\ apm ilivcfpfft1ld0puc ' authorisation servers docid\ aw0rfr 6i9dbui8sh7hkd request certificates, generate key pairs, add software statement assertion docid\ gqktwpb7 8uwzz ua nqw , and more prerequisites users docid\ ijyftusvdonrn4rxsnsev or users docid\ ijyftusvdonrn4rxsnsev access to the platform your organisation has one or more roles docid\ xw3vr6nmb0sirrxtus107 assigned if your organisation has no role assigned, contact with your trust framework participants docid\ zwoo4fno16xiy1mcodij5 to have one assigned get an access token (r/w) docid\ bpimoxcmny4u46fbf0zsw and with the directory\ website scope if you want to publish authorisation server certifications using connect's apis create application at the moment, in raidiam connect, the existence of applications and oauth client applications per se is implied through generated applications docid\ at1zjk4wwrastj pdhvhx as the centralized directory docid\ kt2uiavikzfzklbevp1 g does not store any oauth client configuration and does not enable immediate access to data providers docid\ apm ilivcfpfft1ld0puc ' resources without registering a client application at their authorisation servers docid\ aw0rfr 6i9dbui8sh7hkd this is why raidiam connect makes it possible for organisations to register their client applications using registration framework docid\ q6si2ya2zeapvwb028 er and applications docid\ at1zjk4wwrastj pdhvhx issued by raidiam select applications > new application fill in the fields describing the software statement for your application field d escription example client name it is recommended to use the brand name that the customers are familiar with this is the name of your software application a user sees while providing their consent to share data raidiam flags any flag configured within your ecosystem or federation that applies to your application receiver logo brand logo uri https //raidiam com/logo svg https //raidiam com/logo svg role select one or more roles docid\ xw3vr6nmb0sirrxtus107 that were assigned to your organisation roles enable applications to get the access scopes the application needs to access the data providers docid\ apm ilivcfpfft1ld0puc ' resources or access raidiam connect apis frameworkadmin federation enabled defines whether the application is bound to a registration framework docid\ q6si2ya2zeapvwb028 er or not n/a client uri website or root uri from the resource https //raidiam com/info html policy uri must be a defined text sequence that represents a single unique policy uri https //raidiam com/policy html terms of service uri must be a text string that represents the unique uri for tos https //raidiam com/tos html redirect uri must be a text string that represents an unique uri for application and redirects this is the uri where the user is redirected back after they provide their consent you can provide one or more uris that will be registered at the authorisation server https //raidiam com/cb1 https //raidiam com/cb2 api webhook uri webhook uri where raidiam can post events https //www example com/webhooks/ post logout redirect uri a text string representing an unique uri for application and redirects this is the uri where the user gets redirected once their sign out of the application you can provide one or more uris https //www raidiam com/logout on behalf of optional for implementation description must be a text string of your choice raidiam your service solution version version of your application m ust be defined by a numeric value, an integer, or a floating point number 1 additional client metada this field allows a user to define extra metadata to be retrieved from the token endpoint accepts a valid json block (defaults to {}) save some of the application configuration is not available during application creation like, for example, the settings of how the application authenticates with raidiam's authorisation server while accessing connect's apis if you wish to fully configure your application for accessing raidiam's apis, see the view and edit application details section of this article view and edit application details select applications select an application of your choice from the list if a software statement assertion docid\ gqktwpb7 8uwzz ua nqw was generated for an application, a software statement is in the locked status making it impossible to make any changes to the application's details in such cases, you need to unlock the software statement using the lock button next to the statement you wish to edit and make your changes this also means you need to generate software statement assertions for dcr docid\ m5udwbcefyinvhd knjws that reflects the changes and update client configuration at any authorisation server where the client application is registered select edit application application details view contains other useful configuration that you cannot always set up during creating an application for example, through editing the detailed settings, you can configure settings like field description require signed request object defines whether the request object needs to be signed while accessing raidiam connect's authorisation endpoint according to the oauth jwt secured authorization request (jar rfc9101) specification token signed response algorithm defines the algorithm used to sign access, id, and refresh tokens issued by raidiam's authorisation server token endpoint authentication method defines the method of how the client application authenticates with raidiam's authorisation server one of tls client auth , client secret basic , private key jwt tls client certificate bound access tokens if enabled, access tokens issued by raidiam authorisation server are bound to the client application's certificate as specified by the oauth 2 0 mutual tls client authentication and certificate bound access tokens (rfc8705) section #3 delete application for security purposes, applications software statements can be only soft deleted by disabling them you can disable a software statement by selecting the delete button ( bin icon under actions) or by using the update software statement by id api and setting the statement's status to inactive manage applications using apis raidiam connect allows organisations to integrate with the following apis for software statement management create software statement get all software statements for organisation get software statement details update software statement details