createClientto seed a client in all environments:
clientIdshould be prefixed with the organisation domain, eg
spafor front-end web apps,
webfor websites that have a cookie based authentication through a backend,
nativefor mobile apps and
machinefor backend clients.
displayNamewill be shown to the user when they are authenticating to this client.
descriptionshould describe the purpose of the client. Not shown to the user.
contactEmaildefault to Digital Iceland and it's technical contact.
grantTypesspecifies which token grant flows the client can use. Defaults to
allowedScopeslists the scopes this client can request. Should include
openidand any identity and api scopes that the client needs access to.
supportDelegationstoggles whether users can authenticate to this client with delegations (legal guardians, procuring holders and custom delegations).
redirectUrishould specify the list of allowed redirect uris for each environment.
postLogoutRedirectUriis where the user should be redirected to after logging out.
createScopeto seed a scope in all environments:
nameshould be prefixed with the organisation domain, eg
displayNameis the name of the scope, shown to users.
descriptionis a description of what the scope gives access to, also shown to users.
delegationallows you to configure if the scope should be automatically granted to legal guardians and procuring holders, or if it should support custom delegations. Defaults to no delegation support.
accessControlled: truemakes this a special scope that normal users don't have access to. It is possible to give users access to this scope in the IDS admin. This is a simple tool to manage access to admin clients and resources.
addToResourcespecifies which resource this scope belongs to. Defaults to
addToClientsadds this scope as
allowedScopesfor the specified clients.
Let's say you specify a client X in a seed migration that is allowed to use scopes A and B. If client X is already defined in
devwith scope A when the migration runs, it will only add scope B as an allowed scope for client X. The seed migration may still create client X on
prodif it doesn't exist already.