Add and Manage Applications
Add and manage applications receiving data from other organisations. Generate Applications to register client applications at Data Providers' OAuth Authorisation Servers. Request certificates, generate key pairs, add Software Statement Assertions, and more.
- Your organisation has one or more Authorisation Domain Roles assigned. If your organisation has no role assigned, contact your Trust Framework Administrator to have one assigned.
- Access Token with Write Access and with the directory:website scope - if you want to publish Authorisation Server Certifications using Connect's APIs.
At the moment, in Raidiam Connect, the existence of applications and OAuth client applications is implied by the generated Applications, because the Centralized Directory does not store any OAuth client configuration and does not enable immediate access to Data Providers' resources without registering a client application at their Authorisation Servers.
This is why Raidiam Connect makes it possible for organisations to register their client applications using OAuth Dynamic Client Registration (DCR) and Applications issued by Raidiam.
Select Applications > New Application.
Fill in the fields describing the software statement for your application.
Field | Description | Example |
---|---|---|
Client Name | It is recommended to use the brand name that the customers are familiar with. This is the name of your software application a user sees while providing their consent to share data. | Raidiam |
Flags | Any flag configured within your ecosystem or federation that applies to your application. | receiver |
Logo | Brand logo URI | |
Role | Select one or more Authorisation Domain Roles that were assigned to your organisation. Roles enable applications to get the access scopes the application needs to access the Data Providers' resources or access Raidiam Connect APIs. | FrameworkAdmin |
Federation Enabled | Defines whether the application is bound to a Federation or not. | n/a |
Client URI | Website or root URI from the resource. | https://raidiam.com/info.html |
Policy URI | Must be a defined text sequence that represents a single unique policy URI | https://raidiam.com/policy.html |
Terms of service URI | Must be a text string that represents the unique URI for ToS | https://raidiam.com/tos.html |
Redirect URI | Must be a text string that represents a unique URI for application and redirects. This is the URI where the user is redirected back after they provide their consent. You can provide one or more URIs that will be registered at the authorisation server. | https://raidiam.com/cb1 https://raidiam.com/cb2 |
API Webhook URI | Webhook URI where Raidiam can post events. | https://www.example.com/webhooks/ |
Post Logout Redirect URI | A text string representing a unique URI for application and redirects. This is the URI where the user gets redirected once they sign out of the application. You can provide one or more URIs. | https://www.raidiam.com/logout |
On Behalf of | Optional for implementation | |
Description | Must be a text string of your choice | Raidiam your service solution |
Version | Version of your application. Must be defined by a numeric value, an integer, or a floating point number. | 1 |
Additional client metadata | This field allows a user to define extra metadata to be retrieved from the token endpoint. Accepts a valid JSON block (defaults to {}) | |
Save.
Some of the application configuration is not available during application creation, for example, the settings that control how the application authenticates with Raidiam's Authorisation Server while accessing Connect's APIs.
If you wish to fully configure your application for accessing Raidiam's APIs, see the View and Edit Application Details section of this article.
Select Applications.
Select an application of your choice from the list.
If a Software Statement Assertion has been generated for an application, the software statement is in the locked status, which makes it impossible to change the application's details.
In such cases, you need to unlock the software statement using the lock button next to the statement you wish to edit and make your changes. This also means you need to generate a new assertion that reflects the changes and update client configuration at any authorisation server where the client application is registered.
Select Edit Application.
The Application details view contains other useful configuration that you cannot always set up while creating an application. For example, by editing the detailed settings, you can configure settings like:
Field | Description |
---|---|
Require Signed Request Object | Defines whether the request object needs to be signed while accessing Raidiam Connect's authorisation endpoint according to the OAuth JWT-Secured Authorization Request (JAR, RFC 9101) specification. |
Token Signed Response Algorithm | Defines the algorithm used to sign access, ID, and refresh tokens issued by Raidiam's Authorisation Server. |
Token Endpoint Authentication Method | Defines the method of how the client application authenticates with Raidiam's Authorisation Server. One of: tls_client_auth, client_secret_basic, private_key_jwt |
tls_client_certificate_bound_access_tokens | If enabled, access tokens issued by Raidiam Authorisation Server are bound to the client application's certificate as specified by the OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens (RFC8705) section #3. |
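
What the `tls_client_certificate_bound_access_tokens` setting means for the party receiving the token, shown as an added example (not Raidiam's code): the check RFC 8705 section 3 describes, comparing the token's `cnf` / `x5t#S256` claim with the SHA-256 thumbprint of the certificate presented on the mutual-TLS connection. The sample certificates and tokens are constructed, and signature, issuer and expiry validation is assumed to have happened before this check.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as used in JWTs and RFC 8705."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def cert_thumbprint(der: bytes) -> str:
    """x5t#S256: base64url(SHA-256(DER-encoded certificate))."""
    return b64url(hashlib.sha256(der).digest())


def token_bound_to_cert(jwt_access_token: str, presented_cert_der: bytes) -> bool:
    """True only if the token's cnf claim matches the TLS client certificate.

    Assumption: the token's signature, issuer and expiry were verified earlier.
    """
    parts = jwt_access_token.split(".")
    if len(parts) != 3:
        return False
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False
    cnf = claims.get("cnf") if isinstance(claims, dict) else None
    expected = cnf.get("x5t#S256") if isinstance(cnf, dict) else None
    if not isinstance(expected, str):
        return False  # unbound token: reject when binding is required
    actual = cert_thumbprint(presented_cert_der)
    # Constant-time comparison of the two thumbprints.
    return hmac.compare_digest(expected.encode("utf-8"), actual.encode("ascii"))


# Constructed sample data: opaque bytes stand in for two DER certificates.
CLIENT_CERT_DER = b"constructed-client-certificate-der"
OTHER_CERT_DER = b"constructed-other-certificate-der"


def make_sample_token(claims: dict) -> str:
    """Constructed, unsigned JWT-shaped token used only to exercise the check."""
    header = b64url(json.dumps({"alg": "none"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.sig"
```

A token replayed over a connection that presents a different certificate, or a token with no `cnf` claim at all, fails the check.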
For security purposes, Applications (Software Statements) can only be soft-deleted by disabling them.
You can disable a Software Statement by selecting the Delete button (bin icon under Actions) or by using the Update Software Statement by ID API and setting the statement's status to inactive.
Raidiam Connect allows organisations to integrate with the following APIs for Software Statement Management: