# Client Application Registration

A Client Application must be pre-registered with the IAR team in order to launch the Visual Application. This section lists the items covered during the registration process.

## Client ID

The Client ID attribute will be assigned by the IAR team. This attribute is required and is specified in the `sub` claim of the [Authentication JWT][3].

## Issuer

The Issuer attribute will be assigned by the IAR team. This attribute is specified in both the [Authentication and Authorization JWTs][2] to uniquely identify the client application.

## JWT Signing Keypair Set

The Client Application must register the public portion of the public/private key pair used to digitally sign the JWT requests. The Client Application uses the private key to sign the authentication and authorization JWTs. Refer to [RFC7517][1], JSON Web Key, for details on the format of public/private key pairs.

A number of tools can be used to generate the JWKS files required for digitally signing tokens. One option is the [MKJWK][4] tool, which is maintained by the MIT Kerberos and Internet Trust. The parameters to use are as follows:

- Key Size: `2048` (or higher)
- Key Use: `Signing`
- Algorithm: `RS256` (or higher)
- Key ID: use a meaningful key ID (e.g. `client-name-token-signature`)

> NOTE: It is recommended to download the command line version of the tool in order to generate the keys locally (as opposed to trusting a remote service for secret keys).

### Sample JSON Web Key (JWK) Keypair

The JWK below contains both the public and private keys.

```javascript
{
  "kty": "RSA",
  "d": "Vy74w6bJX {trimmed}",
  "e": "AQAB",
  "use": "sig",
  "kid": "client-name-token-signature",
  "alg": "RS256",
  "n": "kLA5YCKFMM {trimmed}"
}
```

> NOTE: The private key should be kept secure and strictly confidential by the Client Application. Anyone in possession of the private key can use it to generate access tokens.

### Sample JWK Public Key

This JWK contains the public key only. This public portion will be registered in IAR.

```javascript
{
  "kty": "RSA",
  "e": "AQAB",
  "use": "sig",
  "kid": "client-name-token-signature",
  "alg": "RS256",
  "n": "kLA5YCKFMM {trimmed}"
}
```

[1]: http://www.rfc-editor.org/rfc/rfc7517.txt
[2]: AuthenticationandAuthorizationTokens
[3]: AuthenticationandAuthorizationTokens#jwt-authentication-token
[4]: https://mkjwk.org
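
The keypair procedure described on this page (generate the key locally, keep the private JWK, register only the public portion), as an added Node.js example that is not part of the original page or IAR's own code. The function names are hypothetical, and reading "RS256 (or higher)" as RS256, RS384 or RS512 is an assumption.

```javascript
// Added example (Node.js, built-in crypto only); not code from the IAR project.
const nodeCrypto = require("crypto");

// Private RSA members defined by RFC 7518 section 6.3.2; none may be registered.
const PRIVATE_MEMBERS = ["d", "p", "q", "dp", "dq", "qi", "oth"];

// Generate the keypair on the local machine and return it as a private JWK.
function generateSigningJwk(kid, modulusLength = 2048) {
  const { privateKey } = nodeCrypto.generateKeyPairSync("rsa", { modulusLength });
  return { ...privateKey.export({ format: "jwk" }), use: "sig", alg: "RS256", kid };
}

// Public-only copy of a JWK: every private member is dropped.
function toPublicJwk(jwk) {
  const keep = ([name]) => !PRIVATE_MEMBERS.includes(name);
  return Object.fromEntries(Object.entries(jwk).filter(keep));
}

// Problems that should block sending this JWK for registration (empty = OK).
function registrationProblems(jwk) {
  const problems = [];
  const leaked = PRIVATE_MEMBERS.filter((name) => name in jwk);
  if (leaked.length) problems.push(`private members present: ${leaked.join(", ")}`);
  if (jwk.kty !== "RSA") problems.push("kty must be RSA");
  if (jwk.use !== "sig") problems.push("use must be sig");
  // Assumption: "RS256 (or higher)" is read as RS256, RS384 or RS512.
  if (!/^RS(256|384|512)$/.test(jwk.alg || "")) problems.push("alg must be RS256 or higher");
  if (!jwk.kid) problems.push("kid is missing");
  const bits = Buffer.from(jwk.n || "", "base64url").length * 8;
  if (bits < 2048) problems.push(`modulus is ${bits} bits, expected 2048 or more`);
  return problems;
}

// Confirm the public JWK verifies an RS256 signature made with the private JWK.
function publicMatchesPrivate(privateJwk, publicJwk) {
  const probe = Buffer.from("registration self-test"); // constructed sample message
  const signer = nodeCrypto.createPrivateKey({ key: privateJwk, format: "jwk" });
  const verifier = nodeCrypto.createPublicKey({ key: publicJwk, format: "jwk" });
  const signature = nodeCrypto.sign("sha256", probe, signer);
  return nodeCrypto.verify("sha256", probe, verifier, signature);
}

const privateJwk = generateSigningJwk("client-name-token-signature");
const publicJwk = toPublicJwk(privateJwk);
console.log(JSON.stringify(publicJwk, null, 2)); // the only part sent for registration
console.log(registrationProblems(publicJwk));
```

Running `registrationProblems` on the full keypair JWK reports the private members, which is the check to make before any key material leaves the client.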