Configure a Client

Configure a Client

You can configure different clients with different capabilities in the Curity Identity Server. This tutorial shows how to configure a client suitable for the popular code flow. You can follow the same approach to create clients that enable other flows.

Be aware of your testing tool

This tutorial will show you how to configure your first client in the Curity Identity Server. Some configuration will depend on the tool you will choose for testing. Whenever this is the case you will be presented with tabs for the different options. Be sure to use the appropriate configuration variation.

Setup in the Curity Identity Server

Visit the Profiles screen and click the Token Service. On the left select Clients and click New Client.

New Client

Give the client an ID (eg. www for a website client).

New Client

Capabilities

Scroll down to the Capabilities section and click Add capabilities.

Capabilities

Select the Code Flow capability and click Next.

Code Flow

Redirect URI

The redirect URI is back at the client. If you do not know what you will use, just enter https://localhost/callback for now. This can be changed later if needed. The tabs below outlines configurations for a couple of different approaches for testing the client.

Add the callback URI for OAuth Tools by selecting Add for Web from the OAuth.tools drop-down menu.

Redirect URI

If you run OAuth tools from the app, choose Add for App instead.

When testing with the OAuth Assistant library use the callback URIs on http://localhost:8080 as follows:

Redirect URI

When testing with cURL use https://localhost/callback as the callback URI.

Redirect URI

Client Authentication

For client authentication select secret and enter a secret. Make sure to remember it since it cannot be retrieved later again (but can be reset).

Secret

For client authentication select no-authentication. This will effectively create a public client.

No Authentication

For client authentication select secret and enter a secret. Make sure to remember it since it cannot be retrieved later again (but can be reset).

Secret

User Authentication

For user authentication select the authenticator created in the authenticator tutorial.

User Authentication

Add the openid Scope

To be able to run the OpenID Code flow, add the openid scope to the client. In the section Scope and Claims simply select openid from the list of scopes in the dropdown menu.

Add Scope

Commit

Make sure to commit the changes. Go to the Changes menu and select Commit.

Next Steps

At this point the system should be configured with a working client. The next step would be to test the configuration. There are several ways to test and the approach depends on where the Curity Identity Server is running. Here are a few options that should cover most scenarios.