Apps

Applications are ways to link SmartWorks IoT to external sources of information. These external sources, like anything, must supply SmartWorks IoT with an access token before being able to communicate. Apps help you define the permissions for those access tokens and then create them to be used externally.
Note: Tokens (or secrets) in the application are only ever displayed once for security reasons. If you lose your token, you will need to reset it using the Reset Secret button.

Applications represent one kind of OAUTH client, and provide an easy way to create these clients as needed.

Create an App

  1. To create a new App, click New App.


  2. In the New App panel, enter the name and a description (optional).
  3. Scopes allow you to configure which areas of SmartWorks IoT the client has access to. Make a selection from the drop down menu. You can select multiple options.


    Figure 1.
  4. Chose the type of App you want to build. You can select between Client Credentials, or Authorization Code.

    Client credentials are a mechanism to generate an access token to use the API. This grant type is for use outside the context of a user. Use cases include authenticating devices, serverless functions and ecp clusters.

    Authorization Code: is a mechanism to authenticate the users of a web or mobile application that has been built using SmartWorks IoT. With this grant type, users can be authenticated without exposing a client secret in the app code. Instead, users can authenticate by entering a username and password in the SmartWorks IoT Identity Management Provider to retrieve an authorization code which can be exchanged for an access token.

  5. Complete the steps below when using Client Credentials:
    1. Click Save to create the App.
      The App is created.


      Figure 2.
  6. Complete the steps below when using Authorization Code:
    • Redirect uris: indicates where the user will be redirected once authenticated
    • Post-logout Redirect uris: indicates where the user will be redirected after logging out
    • Frontchannel Logout uri: indicate the uri that supports the frontchannel logout mechanism
    • Backchannel Logout uri: indicates the uri that supports the application logged out
    • Allowed CORS Origins: indicates the domains that are allowed to access the IDP
    Note: You can add multiple uris by separating them with commas.


    Figure 3.
    1. Click Save to create the App.
      The App is created.
  7. After creating the app, you are redirected to the Policies tab. Click on the + button to add the required Policies.


    Figure 4.

    The added Policy provides access any resource in the platform.

  8. Make any changes to the default Policy that appears and click Save.
    Tip: Click Revert Changes to undo your changes.

The basic method of authentication used for this purpose is Oauth. All applications have a client ID and secret ID, so the user can get a token and interact with the platform.

  1. To reset the Secret, on the Details pane, click Reset Client Secret.
    The App secret will generate randomly and display on the screen.


    Figure 5.