Clients let you manage the technical details of an integration into your services. A service may have multiple clients to cater for different types of integration (mobile, website, ...).
Clients have a simple lifecycle: once created, they immediately enter the active state and can be used. At any point in time you can choose to delete a specific client, which puts it into the state deleted. Clients remain in the state deleted for 14 days; once these have passed, the client is permanently removed. Within the 14-day grace period clients can be re-activated and return to the active state.
Status changes on the overall service this client belongs to will also have immediate effect on all of its clients.
Creating a Client
To create a client for a service, select Add client in the details view of the service. Client Details can be defined in the provided form.
Fill out the necessary details. Most importantly, if this client is meant for production use, make sure that the Callback URL points to the same backend that operates this specific service. While this is not technically enforced, the callback URL must be operated by your company.
Please note that netID uses pairwise subject identifiers, which are derived from the client's callback URL (more specifically, its hostname portion) set here. If you're using multiple clients for a service, you may want to use callback URLs with an identical host portion to avoid receiving different sub values for the same user.
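The following is an added example, not netID's own code: it groups a service's clients by the host portion of their callback URLs to show which of them would share sub values. The page does not state netID's derivation, so the hash follows the example method in OpenID Connect Core section 8.1 as an assumption; the client names, URLs, salt and account id are constructed.

```python
import hashlib
from collections import defaultdict
from urllib.parse import urlsplit


def sector_identifier(callback_url: str) -> str:
    """Return the host portion of a callback URL (lower-cased, port removed)."""
    host = urlsplit(callback_url).hostname
    if not host:
        raise ValueError(f"callback URL has no host: {callback_url!r}")
    return host


def pairwise_sub(sector: str, local_account_id: str, salt: bytes) -> str:
    """Assumed derivation (OIDC Core 8.1 example method):
    SHA-256(sector_identifier || local_account_id || salt)."""
    data = sector.encode() + local_account_id.encode() + salt
    return hashlib.sha256(data).hexdigest()


def group_clients_by_sector(clients: dict[str, str]) -> dict[str, list[str]]:
    """Map each host portion to the names of the clients that share it."""
    groups = defaultdict(list)
    for name, url in clients.items():
        groups[sector_identifier(url)].append(name)
    return {host: sorted(names) for host, names in groups.items()}


# Constructed sample: three clients of one service (names and URLs are made up).
CLIENTS = {
    "website": "https://login.example.com/callback/web",
    "mobile": "https://Login.Example.com:443/callback/app",
    "legacy": "https://www.example.com/oidc/cb",
}
SALT = b"constructed-provider-secret"  # known only to the provider

if __name__ == "__main__":
    groups = group_clients_by_sector(CLIENTS)
    for host, names in groups.items():
        # Same user, different host portion: a different sub comes back.
        print(host, names, pairwise_sub(host, "user-4711", SALT)[:16])
    if len(groups) > 1:
        print("warning: clients span several hosts; sub values will differ")
```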
Token signing is not strictly necessary, but recommended. To enable token signing, choose your preferred signing mechanism (RS256 or ES256). To learn more about token signing or validation, please visit https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
Please note that some standard libraries may not work if token signing is set to
Once the client is created, you can retrieve the credentials needed to integrate into your environment, namely Client ID and Client Secret, by expanding the client details.
Depending on whether the client's service has been approved for production use, the Client Secret will be shown as:
- Client secret - sandbox: which indicates that the service is still in sandboxed mode
- Client secret - live: which indicates that the service has been approved to be used in a production environment
Client secret after service approval
Please note that the Client Secret does not change when the service is approved for production use. This means you do not need to change the configuration of your client or take any other action after the approval.
Edit a Client
To edit a client, select Edit in the Clients listing of the details view of the respective service for this client. Client details can be edited in the provided form.
Make the desired changes and save them by confirming with Update Client.
Deactivate a Client
To temporarily deactivate a client, select Edit in the Clients listing of the details view of the respective service for this client.
In the client details form, select Inactive in the drop-down menu under Status.
Reactivate a Client
To reactivate a client, select Edit in the Clients listing in the details view of the respective service for this client.
In the client details form, select Active in the drop-down menu under Status.
Delete a Client
To delete a client permanently, expand the client details in the Clients listing of the details view of the respective service for this client.
Click on Delete client at the bottom of the expanded details and confirm the deletion. See the notes on lifecycle.