Create a workspace client
post
/admin/workspaceClients
Request
There are no request parameters for this operation.
Supported Media Types
- application/json
Root Schema : schema
Type:
Show Source
object-
client-identity-propagation-required: boolean
Default Value:
falseIf set to false, then Routing will fall back to Industries Framework credentials for token issuance if no client app key credentials are set. TICs can also require that the original client's identity in scope of the target OIDC server is mandatory. -
client-name: string
This is the name of the client application as it is shown in the configuration UX
-
description: string
meant to capture record level documentation
-
fixed-users-for-user-assertion-by-tic: object
fixed-users-for-user-assertion-by-tic
Additional Properties Allowed:
truethe fixed user name to put into user assertion tokens instead the name that might come from an inbound user token. Also used for the translation case of client token to user assertion -
fusion-client-id: object
fusion-client-id
This is the client ID that comes from the token, created by the Fusion token mapper in FA Topology Manager
-
global-oidc-server-data: object
global-oidc-server-data
Additional Properties Allowed: additionalPropertiesThe required secret information to request access tokens with the identity of the workspace client. The object is keyed by the name of the global OIDCServer entry. This configuration is mainly used for inbound token translation from a non-Industries Framework to a Industries Framework token as done by TokenMapper.
-
labels: array
labels
Minimum Number of Items:
1Used in routing with workspace-routing-criteria -
supported-outbound-token-scopes: array
supported-outbound-token-scopes
Minimum Number of Items:
1List of allowed scopes that this Workspace Client can request when generating outbound token -
workspace-oidc-server-data: object
workspace-oidc-server-data
Additional Properties Allowed: additionalPropertiesthe required secret information to request access tokens with the identity of the workspace client. The object is keyed by the name of the OIDCServer entry in the workspace
Match One Schema
Show Source
Nested Schema : fixed-users-for-user-assertion-by-tic
Type:
objectMaximum Length:
80Additional Properties Allowed:
truethe fixed user name to put into user assertion tokens instead the name that might come from an
inbound user token. Also used for the translation case of client token to user assertion
Nested Schema : fusion-client-id
Type:
objectThis is the client ID that comes from the token, created by the Fusion token mapper in FA Topology Manager
Show Source
Nested Schema : global-oidc-server-data
Type:
objectAdditional Properties Allowed
Show Source
The required secret information to request access tokens with the identity of the workspace client. The object is keyed by the name of the global OIDCServer entry. This configuration is mainly used for inbound token translation from a non-Industries Framework to a Industries Framework token as done by TokenMapper.
Nested Schema : labels
Type:
arrayMinimum Number of Items:
1Used in routing with workspace-routing-criteria
Show Source
Nested Schema : supported-outbound-token-scopes
Type:
arrayMinimum Number of Items:
1List of allowed scopes that this Workspace Client can request when generating outbound token
Show Source
Nested Schema : workspace-oidc-server-data
Type:
objectAdditional Properties Allowed
Show Source
the required secret information to request access tokens with the identity of the workspace client. The
object is keyed by the name of the OIDCServer entry in the workspace
Nested Schema : additionalProperties
Type:
Show Source
object-
client-id: string
reference to the secret that contains the OAuth 2 client ID
-
client-secret: string
reference to the secret that contains the OAuth 2 client secret. Only needed in case of a Fusion app as client
-
description: string
meant to capture record level documentation
-
signing-key: string
reference to the secret that contains the RFC7523 request signing key. Only needed in case of a Fusion app as client
Nested Schema : items
Type:
Show Source
object-
description: string
meant to capture record level documentation
-
label-name: string
-
label-value: string
Minimum Length:
1
Match One Schema
Show Source
Nested Schema : additionalProperties
Type:
Show Source
object-
client-id: string
reference to the secret that contains the OAuth 2 client ID
-
client-secret: string
reference to the secret that contains the OAuth 2 client secret
-
description: string
meant to capture record level documentation
-
signing-key: string
reference to the secret that contains the RFC7523 request signing key
Response
Supported Media Types
- application/json
201 Response
Created
Root Schema : WorkspaceClient
Type:
Show Source
object-
client-identity-propagation-required: boolean
Default Value:
falseIf set to false, then Routing will fall back to Industries Framework credentials for token issuance if no client app key credentials are set. TICs can also require that the original client's identity in scope of the target OIDC server is mandatory. -
client-name: string
This is the name of the client application as it is shown in the configuration UX
-
description: string
meant to capture record level documentation
-
fixed-users-for-user-assertion-by-tic: object
fixed-users-for-user-assertion-by-tic
Additional Properties Allowed:
truethe fixed user name to put into user assertion tokens instead the name that might come from an inbound user token. Also used for the translation case of client token to user assertion -
id: string
-
labels: array
labels
Minimum Number of Items:
1Used in routing with workspace-routing-criteria -
supported-outbound-token-scopes: array
supported-outbound-token-scopes
Minimum Number of Items:
1List of allowed scopes that this Workspace Client can request when generating outbound token
Nested Schema : fixed-users-for-user-assertion-by-tic
Type:
objectMaximum Length:
80Additional Properties Allowed:
truethe fixed user name to put into user assertion tokens instead the name that might come from an
inbound user token. Also used for the translation case of client token to user assertion
Nested Schema : labels
Type:
arrayMinimum Number of Items:
1Used in routing with workspace-routing-criteria
Show Source
Nested Schema : supported-outbound-token-scopes
Type:
arrayMinimum Number of Items:
1List of allowed scopes that this Workspace Client can request when generating outbound token
Show Source
Nested Schema : items
Type:
Show Source
object-
description: string
meant to capture record level documentation
-
label-name: string
-
label-value: string
Minimum Length:
1
Match One Schema
Show Source
400 Response
Bad Request
Root Schema : Error
Type:
objectUsed when an API throws an Error, typically with a HTTP error response-code (3xx, 4xx, 5xx)
Show Source
-
@baseType: string
When sub-classing, this defines the super-class.
-
@schemaLocation: string
(uri)
A URI to a JSON-Schema file that defines additional attributes and relationships
-
@type: string
When sub-classing, this defines the sub-class entity name.
-
code(required): string
Application relevant detail, defined in the API or a common list.
-
message: string
More details and corrective actions related to the error which can be shown to a client user.
-
reason(required): string
Explanation of the reason for the error which can be shown to a client user.
-
referenceError: string
(uri)
URI of documentation describing the error.
-
status: string
HTTP Error code extension
401 Response
Unauthorized
Root Schema : Error
Type:
objectUsed when an API throws an Error, typically with a HTTP error response-code (3xx, 4xx, 5xx)
Show Source
-
@baseType: string
When sub-classing, this defines the super-class.
-
@schemaLocation: string
(uri)
A URI to a JSON-Schema file that defines additional attributes and relationships
-
@type: string
When sub-classing, this defines the sub-class entity name.
-
code(required): string
Application relevant detail, defined in the API or a common list.
-
message: string
More details and corrective actions related to the error which can be shown to a client user.
-
reason(required): string
Explanation of the reason for the error which can be shown to a client user.
-
referenceError: string
(uri)
URI of documentation describing the error.
-
status: string
HTTP Error code extension
403 Response
Forbidden
Root Schema : Error
Type:
objectUsed when an API throws an Error, typically with a HTTP error response-code (3xx, 4xx, 5xx)
Show Source
-
@baseType: string
When sub-classing, this defines the super-class.
-
@schemaLocation: string
(uri)
A URI to a JSON-Schema file that defines additional attributes and relationships
-
@type: string
When sub-classing, this defines the sub-class entity name.
-
code(required): string
Application relevant detail, defined in the API or a common list.
-
message: string
More details and corrective actions related to the error which can be shown to a client user.
-
reason(required): string
Explanation of the reason for the error which can be shown to a client user.
-
referenceError: string
(uri)
URI of documentation describing the error.
-
status: string
HTTP Error code extension
404 Response
Not Found
Root Schema : Error
Type:
objectUsed when an API throws an Error, typically with a HTTP error response-code (3xx, 4xx, 5xx)
Show Source
-
@baseType: string
When sub-classing, this defines the super-class.
-
@schemaLocation: string
(uri)
A URI to a JSON-Schema file that defines additional attributes and relationships
-
@type: string
When sub-classing, this defines the sub-class entity name.
-
code(required): string
Application relevant detail, defined in the API or a common list.
-
message: string
More details and corrective actions related to the error which can be shown to a client user.
-
reason(required): string
Explanation of the reason for the error which can be shown to a client user.
-
referenceError: string
(uri)
URI of documentation describing the error.
-
status: string
HTTP Error code extension
409 Response
Conflict
Root Schema : Error
Type:
objectUsed when an API throws an Error, typically with a HTTP error response-code (3xx, 4xx, 5xx)
Show Source
-
@baseType: string
When sub-classing, this defines the super-class.
-
@schemaLocation: string
(uri)
A URI to a JSON-Schema file that defines additional attributes and relationships
-
@type: string
When sub-classing, this defines the sub-class entity name.
-
code(required): string
Application relevant detail, defined in the API or a common list.
-
message: string
More details and corrective actions related to the error which can be shown to a client user.
-
reason(required): string
Explanation of the reason for the error which can be shown to a client user.
-
referenceError: string
(uri)
URI of documentation describing the error.
-
status: string
HTTP Error code extension
500 Response
Internal Server Error
Root Schema : Error
Type:
objectUsed when an API throws an Error, typically with a HTTP error response-code (3xx, 4xx, 5xx)
Show Source
-
@baseType: string
When sub-classing, this defines the super-class.
-
@schemaLocation: string
(uri)
A URI to a JSON-Schema file that defines additional attributes and relationships
-
@type: string
When sub-classing, this defines the sub-class entity name.
-
code(required): string
Application relevant detail, defined in the API or a common list.
-
message: string
More details and corrective actions related to the error which can be shown to a client user.
-
reason(required): string
Explanation of the reason for the error which can be shown to a client user.
-
referenceError: string
(uri)
URI of documentation describing the error.
-
status: string
HTTP Error code extension
Examples
The following example shows how to create a workspace client by submitting a POST request on the REST resource using cURL.
cURL Command
curl -H 'Authorization: Bearer <Token>' -X POST
https://{FABRIC_HOST}/admin/workspaceClients -H
"Content-Type: application/json" -D @create_workspaceclient.json |
json_pp
Example of Request Body
The following shows an example of the request body in JSON format.
{
"fusion-client-id": {
"client-id": "fusion_client_id_1",
"client-secret": "fusion_client_secret_1"
},
"workspace-oidc-server-data": {
"buying": {
"client-id": "csdhsdkj1wenkwqdnwcsdfsd33e",
"client-secret": "s213q-wen23e2kwe-dsfdfdefd",
"signing-key": "2jdpwe-dksckjdcd-1dewdecw"
}
},
"global-oidc-server-data": {
"Core": {
"client-id": "core_client_id",
"client-secret": "core_client_secret",
"signing-key": "core_signing_key"
}
},
"client-name": "Buying",
"labels": [
{
"label-name": "wsc-label-n1",
"label-value": "wsc-label-v1"
},
{
"label-name": "wsc-label-n2",
"label-value": "wsc-label-v2"
}
],
"client-identity-propagation-required": true
}
Example of Response Body
The following shows an example of the response body in JSON format.
{
"client-name": "Buying",
"labels": [
{
"label-name": "wsc-label-n1",
"label-value": "wsc-label-v1"
},
{
"label-name": "wsc-label-n2",
"label-value": "wsc-label-v2"
}
],
"fusion-client-id": {},
"client-identity-propagation-required": true,
"id": "buyingpbgsp"
}