Client Apps
Client apps are used to integrate 3rd party applications with the Digital Enterprise Suite. A Client App can use the various REST APIs to make authenticated requests on behalf of the user that generated the access token.
The Digital Enterprise Suite does not currently support app authorization (e.g. Client Credentials flow) and requires an access code flow (standard or PKCE) with a user authorization.
It is possible to edit, delete or manually generate a token for an app.
When generating a token for a client app manually, it is possible to specify the expiration of the bearer token.
The certificate URL can be accessed by a non-admin user to generate a bearer token using a non-administrator account.
Attributes
Attribute | Description |
---|---|
App id | Also referred to as the Client ID, this uniquely identifies the application and is immutable after the app creation. |
Secret | Also referred to as the Client Secret, this is used to sign bearer tokens. Changing this value invalidates all existing tokens. |
Name | A user-defined name for the app. |
Description | A user-defined description for the app. |
Trusted Endpoints | When checked, this client app allows the client application to manipulate non-obfuscated data. If not, data will be obfuscated based on defined datatypes. |
Support Client Credentials | When checked, this client app allows the client credentials OAuth flow. This allows a client application to authenticate using only the App id and Secret as identifiers without user interaction. On a client credentials flow, the Associated System Account will be used as the identity in the system for access checks. |
Associated System Account | A system account user that is associated with this client app. Only used when the client credentials flow is activated for the app. When the client credentials flow is used to obtain an identity for this app, this system account will be used in access checks. |
Redirect URI | Optional redirect URI for the access code OAuth 2 flow. If unspecified, the redirect URI will not be validated. |
Grant | List of access scopes granted to tokens generated for this app. |
Scopes
Grant | Scope | Description |
---|---|---|
Repository read | repo_r | Read modeling places. |
Repository write | repo_w | Write, delete, rename and create models in modeling places. |
Service execution | service_x | Deprecated scope that was used to transform model types. |
Group read | group_r | Read groups. |
Group write | group_w | Write, delete, rename and invite to groups. |
Graph read | graph_r | Use the SPARQL API on the Digital Enterprise Graph. |
Users read | users_r | Read users. |
Users write | users_w | Write and delete users. |
Admin | admin | The admin API is not documented for customers and this scope should not be used. |
Exec. env. read | mvn_r | Query the execution environments and their content. |
Exec. env. write | mvn_w | Publish and delete services in execution environments. |
Exec. env. download | mvn_d | Download services from execution environments. |
Emitter read | emitter_r | Read emitter configuration and audit log files. |
Emitter write | emitter_w | Write emitter configuration. |
BPMN execution | bpmn_x | Access the workflow automation API. |
CMMN execution | cmmn_x | Access the case automation API. |
DMN execution | dmn_x | Access the decision automation API. |
Docker Read | docker_r | Download containers built locally. |
Assets write | asset_w | Write to the static assets resource. |
OpenID | openid | Can be used by Digital Distributed Containers to obtain an OpenID token identity. |
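
A least-privilege review of the attributes and scopes listed above can be scripted. The following is an added example, not code from the Digital Enterprise Suite or its documentation: the record field names (`grant`, `redirect_uri`, `trusted_endpoints`, `support_client_credentials`, `associated_system_account`), the severity labels and the sample records are assumptions, while the scope names and the conditions checked come from this page.

```python
# Added example. Field names and severities are assumptions, not the product's format.
KNOWN_SCOPES = {
    "repo_r", "repo_w", "service_x", "group_r", "group_w", "graph_r",
    "users_r", "users_w", "admin", "mvn_r", "mvn_w", "mvn_d", "emitter_r",
    "emitter_w", "bpmn_x", "cmmn_x", "dmn_x", "docker_r", "asset_w", "openid",
}
WRITE_SCOPES = {"repo_w", "group_w", "users_w", "mvn_w", "emitter_w", "asset_w"}


def audit_client_app(app):
    """Return (severity, message) findings for one client app record."""
    findings = []
    scopes = set(app.get("grant", []))
    unknown = sorted(scopes - KNOWN_SCOPES)
    if unknown:
        findings.append(("high", f"unknown scopes: {unknown}"))
    if "admin" in scopes:
        findings.append(("high", "admin scope granted"))
    if "service_x" in scopes:
        findings.append(("low", "deprecated scope service_x granted"))
    if not app.get("redirect_uri"):
        # Unspecified redirect URI means it is not validated in the access code flow.
        findings.append(("high", "redirect URI unspecified, so not validated"))
    if app.get("trusted_endpoints"):
        findings.append(("medium", "trusted endpoints: data is not obfuscated"))
    if app.get("support_client_credentials"):
        # This flow needs only App id and Secret, with no user interaction.
        if not app.get("associated_system_account"):
            findings.append(("high", "client credentials without a system account"))
        writes = sorted(scopes & WRITE_SCOPES)
        if writes:
            findings.append(("medium", f"client credentials with write scopes: {writes}"))
    return findings


# Constructed sample records (not real apps).
RISKY_APP = {
    "name": "Reporting integration", "trusted_endpoints": True,
    "support_client_credentials": True, "associated_system_account": "",
    "redirect_uri": "", "grant": ["repo_r", "users_w", "admin", "service_x"],
}
SCOPED_APP = {
    "name": "Model viewer", "trusted_endpoints": False,
    "support_client_credentials": False,
    "redirect_uri": "https://viewer.example/callback", "grant": ["repo_r"],
}

if __name__ == "__main__":
    for severity, message in audit_client_app(RISKY_APP):
        print(f"{severity:6} {message}")
```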