Prerequisites > Client Application Registration
A Client Application must be pre-registered with the IAR team in order to launch the Visual Application. This section describes the list of items that will be covered during the registration process.
The Client ID attribute will be assigned by the IAR team. This attribute is required and is specified in the ‘sub’ claim of the Authentication JWT.
The Issuer attribute will be assigned by the IAR team. This attribute is specified in both the Authentication and Authorization JWTs to uniquely identify the client application.
The Client Application must register the public portion of the public/private key pair for use in digitally signing the JWT requests. The private key will be used by the Client Application to sign the authentication and authorization JWTs. Refer to RFC7517, JSON Web Key for details on format of public/private key pairs.
A number of tools can be used to generate the JWKS files required for digitally signing tokens. One option is the MKJWK tool which is maintained by the MIT Kerberos and Internet Trust. The parameters to use are as follows:
2048
(or higher)Signing
RS256
(or higher)NOTE: It is recommended to download the command line version of the tool in order to generate the keys locally (as opposed to trusting a remote service for secret keys).
JWK below contains both public and private keys.
{ "kty": "RSA", "d": "Vy74w6bJX {trimmed}", "e": "AQAB", "use": "sig", "kid": "client-name-token-signature", "alg": "RS256", "n": "kLA5YCKFMM {trimmed}" }
NOTE: the private key should be kept secure and strictly confidential by the Client Application. Anyone who is in possession of the private key can be used to generate access tokens.
JWK contains the public key only. This public portion will be registered in IAR.
{ "kty": "RSA", "e": "AQAB", "use": "sig", "kid": "client-name-token-signature", "alg": "RS256", "n": "kLA5YCKFMM {trimmed}" }
Powered by SIMPLIFIER.NET