Skip to main content
Skip table of contents

Creating a new Service Agent

When creating a new service, or agent to integrate with VidiFlow, the service/agent needs to register itself into the Authentication service in order to authenticate.
Please Note: Although the new service/agent can reuse the existing configuration, it is not recommended to do so for security concern and better configuration separations.
A new client can be done directly in the SWAGGER UI.

Path Swagger Reference: Creating a new Authentication Client

POST  /v1/Client

Sample Client Body Definition (Implicit)

CODE
{
  "enabled": true,
  "clientId": "{{clientId}}",
  "protocolType": "oidc",
  "clientSecrets": [
    {
      "description": null,
      "value": "{{clientSecret}}",
      "expiration": null,
      "type": "SharedSecret"
    }
  ],
  "requireClientSecret": false,
  "clientName": "Description for the client service",
  "clientUri": null,
  "logoUri": null,
  "requireConsent": false,
  "allowRememberConsent": true,
  "allowedGrantTypes": [
    "authorization_code",
    "client_credentials"
  ],
  "requirePkce": false,
  "allowPlainTextPkce": false,
  "allowAccessTokensViaBrowser": true,
  "redirectUris": [
    https://webserver/oauth2/callback   // The url to be called once user successfully login
  ],
  "postLogoutRedirectUris": [
http://webserver/signout-callback-oidc  // The urls to be called when the user successfully logout
  ],
  "frontChannelLogoutUri": null,
  "frontChannelLogoutSessionRequired": true,
  "backChannelLogoutUri": null,
  "backChannelLogoutSessionRequired": true,
  "allowOfflineAccess": true,
  "allowedScopes": [
    "identityscope",  // Scopes that the client allowed to use
    "openid",
    "profile"
  ],
  "alwaysIncludeUserClaimsInIdToken": false,
  "identityTokenLifetime": 1800,
  "accessTokenLifetime": 1800,
  "authorizationCodeLifetime": 300,
  "absoluteRefreshTokenLifetime": 2592000,
  "slidingRefreshTokenLifetime": 1296000,
  "consentLifetime": null,
  "refreshTokenUsage": 1,
  "updateAccessTokenClaimsOnRefresh": false,
  "refreshTokenExpiration": 1,
  "accessTokenType": 0,
  "enableLocalLogin": true,
  "identityProviderRestrictions": [],
  "includeJwtId": false,
  "claims": [],  // The claims the client are allowed. Refer to the following section
  "alwaysSendClientClaims": true,
  "clientClaimsPrefix": "client_",
  "pairWiseSubjectSalt": null,
  "allowedCorsOrigins": [
    http://webserver    // The web site/services that allowed to use the client (CORS Policy)
  ],
  "properties": {}
}

Sample Client Body Definition (Client Credentials)

CODE
{
  "enabled": true,
  "clientId": {{clientId}},
  "protocolType": "oidc",
  "clientSecrets": [
    {
      "description": null,
      "value": {{clientSecret}},
      "expiration": null,
      "type": "SharedSecret"
    }
  ],
  "requireClientSecret": false,
  "clientName": "Description of the client service",
  "clientUri": null,
  "logoUri": null,
  "requireConsent": true,
  "allowRememberConsent": true,
  "allowedGrantTypes": [
    "client_credentials"
  ],
  "requirePkce": false,
  "allowPlainTextPkce": false,
  "allowAccessTokensViaBrowser": true,
  "redirectUris": [],
  "postLogoutRedirectUris": [],
  "frontChannelLogoutUri": null,
  "frontChannelLogoutSessionRequired": true,
  "backChannelLogoutUri": null,
  "backChannelLogoutSessionRequired": true,
  "allowOfflineAccess": true,
  "allowedScopes": [
    "api1",                            // Scopes that the client allowed to use
    "configportalscope"
  ],
  "alwaysIncludeUserClaimsInIdToken": false,
  "identityTokenLifetime": 300,
  "accessTokenLifetime": 3600,
  "authorizationCodeLifetime": 300,
  "absoluteRefreshTokenLifetime": 2592000,
  "slidingRefreshTokenLifetime": 1296000,
  "consentLifetime": null,
  "refreshTokenUsage": 1,
  "updateAccessTokenClaimsOnRefresh": false,
  "refreshTokenExpiration": 1,
  "accessTokenType": 0,
  "enableLocalLogin": true,
  "identityProviderRestrictions": [],
  "includeJwtId": false,
  "claims": [], // The claims the client are allowed. Refer to the following section
  "alwaysSendClientClaims": true,
  "clientClaimsPrefix": "",
  "pairWiseSubjectSalt": null,
  "allowedCorsOrigins": [ ],   // Not required unless this is a web service
  "properties": {}
}

The ClientId and ClientSecret should be unique for each service/agent. They can be auto-generated GUID for the sake of simplicity.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.