Manage applications

Use the Console App to manage access to the applications and service applications that the Genero Identity Provider (GIP) secures on the selected Genero Application Server.

Applications: apps and service apps

The Genero Identity Provider (GIP) can manage the access to:
  • Genero applications that are run on behalf of a user (called apps in the Genero Console App interface)
  • Genero applications that do not have to be run on behalf of a user (called service to service apps in the Genero Console App interface). This type of app often refers to a script that runs without user interaction, often on a timed schedule. One example of a service to service app would be a monitoring tool that runs at night; it could be a simple Genero script or a graphical tool. Another example could be a bash application with no user behind it.

How applications get in the list

There are two ways to secure an application with the GIP:
  • Using the Deployment App to add an application.
  • Using the Console App Applications > New app menu to register an application, then adding the security credentials (Client ID and Secret ID) provided by the GIP to the application configuration file included in the package.

Manage apps

Select Applications > Manage apps to view the list of apps and service to service apps managed by the Genero Identity Provider (GIP). Only those applications deployed by the logged-in user are shown; ensure you log in to the Console App as the user who deployed the apps.

Select the row of the app you want to manage and click Modify.

Manage app info

You can update the following information for the app or service to service app:

Description
  Use this field to describe the app or service app.

Client ID
  The Client ID is generated by the GIP.
  The Client ID displayed in the Console App must match the <CLIENT_PUBLIC_ID> in the application configuration file for the app or service app.
  Clicking Generate updates the Client ID.

Secret ID
  The Secret ID is generated by the GIP.
  The Secret ID displayed in the Console App must match the <CLIENT_SECRET_ID> in the application configuration file for the app or service app.

Redirect URLs
  The redirect URL (or URLs) is the URL of the OpenIDConnect service on the GAS where the app has been installed. It consists of the GAS URL, followed by the address of the OpenIDConnect service (provided by default in GWS, and called OpenIDConnectServiceProvider.xcf), followed by the entry point of the service (by default, "oauth2callback"), to which the IdP redirects the user-agent to provide the OAuth2 ID token.
  Accordingly, unless URL rewriting is configured in the web server, the URL is: http[s]://host:port/[gas/]ws/r/services/OpenIDConnectServiceProvider/oauth2callback.
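A pre-deployment check for the fields described above, as an added example that is not part of the Genero documentation or product: it confirms that the IDs in an application configuration file match the Console App values and that a registered redirect URL follows the default pattern. The sample file (including its element nesting), the ID values, and the function names are constructed assumptions; only the <CLIENT_PUBLIC_ID> and <CLIENT_SECRET_ID> element names and the callback path come from this page.

```python
import hmac
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Default path from the page: OpenIDConnect service plus its entry point.
CALLBACK = "/ws/r/services/OpenIDConnectServiceProvider/oauth2callback"

# Constructed sample; element nesting and values are assumptions.
SAMPLE_XCF = """<APPLICATION>
  <EXECUTION>
    <DELEGATE service="services/OpenIDConnectServiceProvider">
      <CLIENT_PUBLIC_ID>example-client-id</CLIENT_PUBLIC_ID>
      <CLIENT_SECRET_ID>example-secret-id</CLIENT_SECRET_ID>
    </DELEGATE>
  </EXECUTION>
</APPLICATION>"""

def check_credentials(xcf_text, console_client_id, console_secret_id):
    """Compare the IDs in the config file with those shown in the Console App."""
    root = ET.fromstring(xcf_text)
    findings = []
    for tag, expected in (("CLIENT_PUBLIC_ID", console_client_id),
                          ("CLIENT_SECRET_ID", console_secret_id)):
        node = root.find(f".//{tag}")
        found = (node.text or "").strip() if node is not None else ""
        if not found:
            findings.append(f"{tag} missing")
        # Constant-time comparison; the values themselves are never echoed.
        elif not hmac.compare_digest(found.encode(), expected.encode()):
            findings.append(f"{tag} mismatch")
    return findings

def check_redirect_url(url):
    """Flag redirect URLs that deviate from the default pattern on the page."""
    parts = urlsplit(url)
    findings = []
    if parts.scheme == "http":
        findings.append("http: callback traffic is not encrypted")
    elif parts.scheme != "https":
        findings.append("scheme is not http or https")
    if not parts.hostname or "@" in parts.netloc:
        findings.append("missing host or embedded userinfo")
    # The optional "gas/" prefix is the only variation the page's pattern allows.
    if parts.path not in (CALLBACK, "/gas" + CALLBACK):
        findings.append("path is not the default oauth2callback entry point")
    if parts.query or parts.fragment:
        findings.append("query or fragment present")
    return findings
```

If URL rewriting is configured in the web server, the path check needs to be adjusted to the rewritten address.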

Manage roles and scopes

You can also update the authorization roles, required scopes and optional scopes (for applications), or the scopes (for service to service applications).

For the managed app:
  • The authorization roles identify the role of the user (for example, Role.Admin, Role.User, and so on) permitted to access the app. If you need a new authorization role that is not listed, create the authorization role in the Console App using the Security > Authorization menu.
  • The required scopes are those scopes required to use the application, for example, openid and profile.me.
  • The optional scopes are those scopes required by some parts of the application. The application can still be run without the user having these scopes, but it may not be fully functional.

For the managed service to service app, the scopes are those that the service application needs to run its scripts.