Client Settings
In the Admin Console, click Clients -> Client Settings in the menu on the left; the client table is shown on the right.
The client table contains the following fields:
Logo: The client's logo, loaded from the Logo URL.
Client Name: The "client name" refers to a unique identifier or name assigned to a client application that interacts with an authentication server or identity provider. The client name is used during the registration and configuration process to identify and authenticate the client application when it requests access to protected resources.
Type: The selected client type (Client Side, Server Side, Server to Server, Mobile, Desktop).
Client ID: The unique Client ID generated after the client is created.
Owner: If MFA Config is false, the owner is 'Admin'.
Enter a keyword in the search box above the client table and click the 'Search' button to see the matching entries in the table. The search uses the Client Name.
The Create Client button is in the top right corner; use it to create a new client.
To create a new client, fill in the following fields:
Name: The Name is shown on the default hosted page to tell the user which application they are registering for or logging in to.
Logo Url: The Logo URL will be displayed on the App Overview Page but is also used on the default hosted pages to customize your application.
Type: The Type determines which further app settings you will see and can configure. There are several app types, explained below.
1. Client Side: "client-side client creation" refers to the process of creating a client application directly on the client-side, typically within the frontend of a web application or a mobile app. This client application is responsible for handling authentication requests, such as user login and registration, and obtaining the necessary credentials (e.g., access tokens) from the authentication server.
2. Server Side: Server-side client creation in authentication refers to the process of creating and managing client applications on the server-side of an authentication system. Unlike client-side client creation, which takes place on the frontend (client-side) of an application, server-side client creation involves registering and configuring client applications on the backend (server-side) with the authentication server.
3. Server to Server: Server-to-server client creation in authentication refers to the process of creating and configuring client applications for communication between servers without direct user involvement. In this scenario, one server (acting as a client) communicates with another server (acting as a resource server or authentication provider) to access protected resources or perform operations on behalf of users.
Server-to-server client creation is commonly used in backend-to-backend communication, where a server needs to access resources or services from another server securely, without user interaction. This type of communication often involves using secure protocols like OAuth 2.0 and API keys for authentication and authorization.
4. Mobile: A mobile client application is a software application that runs on a mobile device (e.g., smartphones, tablets) and interacts with remote servers or APIs to request data, perform actions, and provide a user interface for mobile users.
5. Desktop: "Desktop type" refers to the process of creating client applications that run on desktop computers. Desktop clients are software applications installed and executed on a user's computer to interact with remote servers, access data, and provide a user interface for users to perform various tasks.
Client Scopes: Scopes were introduced with OAuth2 as a technical way to protect software services by tagging them with scopes, and to control the access of apps (clients), both company-owned apps and 3rd-party apps.
Redirect Urls: This setting defines the redirect URLs to which Skillmine Authenticator will send the code or token after successful authentication.
Allowed Logout Urls: The allowed logout URLs specify which URLs the user may be redirected to after a successful logout.
Token Expiry Time: Tokens, such as JSON Web Tokens (JWT), are commonly used for authentication in modern applications. The token expiry time, also known as the token's "lifetime" or "expiration time," specifies how long the token remains valid before it expires. After the token expires, it becomes invalid and cannot be used for further authentication or authorization.
Inactivity Time: Inactivity time, also known as idle time or session timeout, refers to the period of user inactivity within an application or system. It is the duration during which a user does not interact with the application by clicking, typing, or performing any other activity. Inactivity time is a crucial concept in user session management and security, and it is used to define how long a user's session should remain active before it is automatically terminated.
Allow All Origins: "Allow All Origins" is a configuration setting used in web applications to enable Cross-Origin Resource Sharing (CORS) from any origin. CORS is a security feature implemented in web browsers that controls how web pages or web applications can interact with resources from different origins (domains, protocols, or ports) than the one that served the web page.
Company Name: The Company Name is used only internally.
Policy Url: If provided, the Privacy Policy URL is shown at the bottom of the default hosted pages or profile page to meet regulatory requirements.
Terms Url: A "Terms URL" (Uniform Resource Locator) refers to the web address or URL that provides access to the terms and conditions of a website or an application.
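The Redirect Urls and Allowed Logout Urls settings above act as allowlists. The following is an added example, not Skillmine Authenticator's own code, of how a server can check a requested URL against them; the field names, the example.com URLs and the exact-match policy (as recommended by OAuth 2.0 security guidance) are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample registration; the field names are hypothetical.
CLIENT = {
    "redirect_urls": ["https://app.example.com/callback"],
    "allowed_logout_urls": ["https://app.example.com/signed-out"],
}


def is_well_formed(url: str) -> bool:
    """Reject values that should never be registered or accepted."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False
    if parts.scheme == "http":
        # Plain HTTP is tolerated only for loopback development hosts.
        return host in ("localhost", "127.0.0.1")
    if parts.scheme != "https" or not host:
        return False
    # No embedded credentials, no fragment, no wildcard host.
    return parts.username is None and not parts.fragment and "*" not in host


def is_allowed(url: str, registered: list[str]) -> bool:
    """Exact string comparison with the registered list, never prefix matching."""
    return is_well_formed(url) and url in registered


def check_redirect(client: dict, redirect_uri: str) -> bool:
    # Where the code or token may be delivered after login.
    return is_allowed(redirect_uri, client["redirect_urls"])


def check_logout(client: dict, post_logout_uri: str) -> bool:
    # The logout list is separate: a valid redirect URL is not a valid logout URL.
    return is_allowed(post_logout_uri, client["allowed_logout_urls"])
```

Exact matching means a registered URL with an extra path segment, query string or different host suffix is refused, so every URL an application really uses has to be listed explicitly.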
After filling in the mandatory fields, click the Save button to create the client.
Once the client is created, edit it to view the Client ID and Client Secret.
Client ID: The client ID is generated during client creation. It is the unique identifier used across several authentication flows.
Client Secret: The client secret is generated during client creation. It is used, for example, for the client credentials flow and works as a secret. You might therefore also want to have a look into client secret rotation.
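As an added example (not code from Skillmine Authenticator), this is how a Server to Server client can build a client credentials request from its Client ID and Client Secret following RFC 6749. The token URL is a placeholder, the environment variable names and scope names are hypothetical, and sending the secret in an HTTP Basic header is an assumption about what the server accepts.

```python
import base64
import os
from urllib.parse import quote_plus, urlencode
from urllib.request import Request

# Placeholder endpoint: the page does not give the token URL.
TOKEN_URL = "https://auth.example.com/token"


def basic_auth_header(client_id: str, client_secret: str) -> str:
    # RFC 6749 section 2.3.1: form-encode each value first, then join
    # with ":" and base64-encode, so ":" or "@" in a secret stays unambiguous.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def build_token_request(client_id: str, client_secret: str, scopes: list[str]) -> Request:
    """Build (but do not send) the client credentials token request."""
    if not TOKEN_URL.startswith("https://"):
        raise ValueError("token endpoint must use TLS")
    body = urlencode({"grant_type": "client_credentials", "scope": " ".join(scopes)})
    headers = {
        "Authorization": basic_auth_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return Request(TOKEN_URL, data=body.encode("ascii"), headers=headers, method="POST")


def load_credentials(env=os.environ) -> tuple[str, str]:
    # Read the secret from the environment (hypothetical variable names)
    # so it never lands in source control and can be rotated without a code change.
    try:
        return env["CLIENT_ID"], env["CLIENT_SECRET"]
    except KeyError as missing:
        raise RuntimeError(f"missing credential variable {missing}") from None
```

Pass the returned request to `urllib.request.urlopen` to send it; only server-side callers should hold the secret.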