Registering a client with an OAuth 2 server

Before you can delegate certificates using the OAuth for MyProxy service, you must register your OAuth for MyProxy client. In the course of this you will receive two things:

  • a client identifier
  • a client secret

The client identifier is a unique string that identifies your client to the server. Put it into your configuration file. Rather than exchanging public keys or using some other method to ensure that your client is authentic, a client secret is generated at run time. This is the only time it is actually shown. The server stores only a hash of the secret rather than the actual value, so you have the only copy. If you lose it, you must register your client again.

Filling out the registration form

The default registration form looks like this:

Registration Form Image

The various fields are as follows:

  • Client Name: A human readable name for the science gateway (OAuth for MyProxy client) that you are registering. This will be displayed to users and should identify your site.
  • Contact email: An email address where a human being can be reached for support.
  • Home url: The main address for your site. This will be displayed to users as part of the authentication process. It is not required to be secure.
  • Refresh token lifetime: The lifetime in seconds. This field is present only if the server actually supports this feature. If it is available and you leave it blank, no refresh tokens will be issued for your client.
  • Limited proxy support: This is mostly needed by servers that are affiliated with Globus. If this is present, you should understand what it does before checking it.
  • Callback URLs: A list of callback URLs, one per line, must be registered with the server. Client requests must send one of these, and if the callback URL sent does not match one of the registered ones, the client request will be rejected. At this point, no wildcards are accepted. As per the specification, all of these must be secure.

Fill in the appropriate values. Note that the contact email should be for an actual person, not a generic one for an organization, since an email will be sent to it once the client has been approved. When you click submit you should get a page like this:

Successful Registration Image

The one caution with the secret is that when you copy and paste it into the configuration file, you must not introduce spaces or line breaks. The secret should be a single line. The server administrator will be notified that your client has requested approval, and once the request has been reviewed, an email will be sent to the contact email you gave above.
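
The following is an added example, not part of the original page and not the OAuth for MyProxy project's own code. It sketches the rules described above: the server keeps only a hash of the secret, callback URLs must be secure and match a registered entry exactly, and a pasted secret must contain no spaces or line breaks. The class and function names, the choice of SHA-256 and the sample URLs are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit


class ClientRegistry:
    """Toy stand-in for the server side (hypothetical, for illustration)."""

    def __init__(self):
        self._clients = {}  # client_id -> (secret hash, registered callbacks)

    def register(self, client_id, callback_lines):
        callbacks = [c.strip() for c in callback_lines.splitlines() if c.strip()]
        for cb in callbacks:
            if urlsplit(cb).scheme != "https":
                raise ValueError(f"callback must be secure (https): {cb}")
            if "*" in cb:
                raise ValueError(f"wildcards are not accepted: {cb}")
        secret = secrets.token_urlsafe(48)  # shown to the registrant once
        # Assumption: SHA-256. The page only says that "a hash" is stored.
        digest = hashlib.sha256(secret.encode()).hexdigest()
        self._clients[client_id] = (digest, frozenset(callbacks))
        return secret

    def check_request(self, client_id, presented_secret, callback):
        record = self._clients.get(client_id)
        if record is None:
            return False
        digest, callbacks = record
        presented = hashlib.sha256(presented_secret.encode()).hexdigest()
        # Constant-time hash comparison; exact string match on the callback.
        return hmac.compare_digest(digest, presented) and callback in callbacks


def load_secret(config_text):
    """Reject a pasted secret that picked up spaces or line breaks."""
    if not config_text or any(ch.isspace() for ch in config_text):
        raise ValueError("client secret must be a single line with no whitespace")
    return config_text


def demo():
    reg, cid = ClientRegistry(), "constructed-client-id"
    cb = "https://gateway.example.org/ready"  # constructed sample value
    secret = reg.register(cid, cb + "\n")
    exact = reg.check_request(cid, load_secret(secret), cb)
    longer = reg.check_request(cid, secret, cb + "/extra")
    return exact, longer
```

Because only the hash is kept, the registry in this sketch has no way to show the secret again, which is why a lost secret means registering again.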


Last modified 09/22/16.
©2000-2013 Board of Trustees of the University of Illinois.