Clients configuration
Clients represent the applications that need to get authorized access to a restricted HTTP service (Resource Server). Boruta helps them to obtain tokens following OAuth 2.0 and OpenID Connect specifications so that they can present them to prove their access rights.
Architecture
For each client you can configure a specific identity provider, that will be associated to a backend, helping to provide both authorization and authentication for them. This way, each client will have a custom interface as mean of authentication for the end-users.
Have a look at identity provider configuration
Have a look at backend configuration
Manage through User Interface
The Administration interface gives the ability to create, update and delete clients. Clients are listed through the Clients > client list section in the sidebar menu.
Manage through API
All client operations are accessible through a REST API following the below description. All client management endpoints are protected with a Bearer token that can be obtained with any OAuth flow. In order to get access, you need to have an access token with the private scope clients:manage:all granted.
Have a look at the API documentation
Navigation
- Top level configuration - General configuration
- Client and end-user authentication - Authentication
- Securing the flows - Security
- Restricting the flows - Grant types