Applies to: security, clients

Managing Clients

Overview

A client definition in MOPS 4.0 refers to any client configured at an identity provider, such as Entra ID, ADFS or another third-party identity issuer. The URL of an instance of such an identity provider is added to MOPS 4.0 as an “issuer” and this issuer is used to point different clients in MOPS 4.0 to different identity providers.

Clients can be used for authenticating users but also for providing authentication for background services. As an example, if ADFS is chosen, there would be an application group configured with one application for authenticating MOPS 4.0 users and one for providing authentication for the system’s background services. These two clients would be defined in both ADFS and in MOPS 4.0. See links to configuration manuals for ADFS and Entra ID below.

Adding a new client in identity provider

MOPS 4.0 uses the token-based authentication standard OpenID Connect. This is a layer on top of OAuth 2.0 that adds the concepts of users and authorization. Refer to the official documentation for additional information.

MOPS provides guides for configuring several identity providers to work with MOPS 4.0.

Adding a new client in MOPS 4.0

Adding a new client is done by clicking on the add button (+) in the bottom right corner of the page and filling in the form:

| Property | Description |
| --- | --- |
| OpenID Connect Client Id | Client ID/AppID that is configured in the identity issuer for this client |
| Application | The application that will use this client: MOPS40 for the MOPS 4.0 web application, mops-services for background services |
| Issuer | The identity issuer this client is configured in |
| Display Name | A display name shown in MOPS 4.0 to make the client easier to identify; in most cases “OpenID Connect Client Id” will be a generated ID that is difficult to read |
| Account | The account that owns this client; needed for clients that background services use. The default is “Service User”, added when installing MOPS 4.0 |
| Response Type | What the identity issuer should respond with: “code” (Authorization Code) for the issuer used for the MOPS 4.0 web application and “None” for background services |
| Scope | Resources to access from the identity issuer, for example “openid profile email” for the MOPS 4.0 web application and “openid” for background services |
| Load User Information | Whether user information in the form of an ID token should be fetched when fetching an access token; usually set to “no” |
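
As an added illustration (not MOPS code), the sketch below shows how the Client Id, Response Type and Scope values from the form map onto a standard OpenID Connect authorization request, and why a client with Response Type “None” cannot start an interactive sign-in. The endpoint and redirect URLs, client IDs and function names are assumptions made for the example.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed client definitions mirroring the form fields (IDs are placeholders).
WEB_CLIENT = {"client_id": "00000000-0000-0000-0000-000000000000",
              "application": "MOPS40", "response_type": "code",
              "scope": "openid profile email"}
SERVICE_CLIENT = {"client_id": "11111111-1111-1111-1111-111111111111",
                  "application": "mops-services", "response_type": "None",
                  "scope": "openid"}


def build_authorization_request(client, authorization_endpoint, redirect_uri):
    """Return (url, state, nonce) for an Authorization Code sign-in request."""
    if client["response_type"] != "code":
        raise ValueError("client is not configured for interactive sign-in")
    if "openid" not in client["scope"].split():
        raise ValueError("OpenID Connect requests must include the 'openid' scope")
    state = secrets.token_urlsafe(32)  # ties the callback to this browser session
    nonce = secrets.token_urlsafe(32)  # must come back inside the ID token
    query = urlencode({
        "client_id": client["client_id"],
        "response_type": client["response_type"],
        "scope": client["scope"],
        "redirect_uri": redirect_uri,  # must match what is registered at the issuer
        "state": state,
        "nonce": nonce,
    })
    # Assumes the endpoint URL carries no query string of its own.
    return f"{authorization_endpoint}?{query}", state, nonce


def read_callback(callback_url, expected_state):
    """Return the authorization code, rejecting responses with a foreign state."""
    params = parse_qs(urlsplit(callback_url).query)
    returned_state = params.get("state", [""])[0]
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this sign-in")
    if "error" in params:
        raise ValueError(f"issuer returned error: {params['error'][0]}")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]


if __name__ == "__main__":
    url, state, _ = build_authorization_request(
        WEB_CLIENT, "https://issuer.example/authorize", "https://mops.example/callback")
    print(url)
    print(read_callback(f"https://mops.example/callback?code=abc&state={state}", state))
```

The authorization endpoint for a real issuer comes from that issuer's OpenID Connect discovery document, not from a hard-coded path.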

Deleting a Client

The client that is currently used to authenticate users for the application cannot be edited or deleted.

A client is deleted by clicking on the delete button in the list.