journal/2021-04-16--12-27-13Z--iroh_auth_presentation.org

journal/2021-04-16--12-27-13Z--iroh_auth_presentation.org

@@ -391,6 +391,42 @@ secrets:
 
 * Clients
 
+Client mandatory fields:
+
+- =id= the unique id of the client accross all Threat Response,
+- =name= a name for the client that will be user facing,
+- =client-type= can be either =confidential= or =public=,
+- =grants= a list that could contain =auth-code= or =client-creds=,
+- =redirects= a set of URIs,
+- =scopes= a set of scopes,
+- =enabled?= a boolean, this field is editable by admin users,
+- =approved?= a boolean, editable only by Threat Response admins.
+
+Client optional fields:
+
+- =description=, a long description of the client that could be presented to the
+  users during client authorization,
+- =owner-id=, the user id of the client's owner,
+- =org-id=, the org id of the client's owner,
+- =enabled-by=, the user id of the admin that enabled the client,
+- =disabled-by=, the user id of the admin that disabled the client,
+- =password=, also known as the "client's secret", public clients don't
+  have a password,
+- =access-token-lifetime-in-sec=, access token lifetime this client provides,
+- =refresh-token-lifetime-in-sec=, refresh token lifetime this client provides,
+- =availability=, can be =user=, =org= or =everyone=. This filters the user that
+  can grant access to this client:
+  + =user= only the owner
+  + =org= only org's members
+  + =everyone= any Threat Response user
+- =approval-status=, possible values are =waiting= =rejected= =approved=. During
+  client creation some criteria will need an Threat Response Admin's approval,
+- =approver-id=, the user id of the user (a Threat Response admin) that approved the client
+- =approval-message=, a message left for the user.
+- =client-preset-id=, a Client Preset ID. Client Presets are explained in [[#client-presets]].
+
+
+
 * 4 - Specifc Cisco Usage
 
 - Orbital