External web applications can log in to Synapse and access users’ identity and resources with their consent and with a select, limited scope. This is accomplished using a secure and industry-standard protocol called OpenID Connect (OIDC), which is an extension of OAuth 2.0.
Registering and
...
Linking an OAuth 2.0 Client
The details of the Synapse Open ID Connect implementation are published on the web in a standard Open ID Configuration document (aka the “discovery document”). The document includes the web endpoints for registration, authorization, and token generation, as well as the scope of resources that can be requested, and the formats in which Synapse will return information.
...
In order to verify an OAuth client, contact synapseinfo@sagebase.orgSynapse Help detailing:
Your name
The ID of the client to be verified (see below on how to obtain the client ID)
A description of your application
...
If the 'userinfo_signed_response_alg': 'RS256' option was included in the client registration, then the result will be returned as a signed JSON Web Token, otherwise a simple JSON object will be returned.
To make authenticated requests with the Synapse client:
In Python:
| Code Block | ||
|---|---|---|
| ||
import synapseclient syn = synapseclient.Synapse() syn.login(authToken=<access token>) |
In R:
| Code Block | ||
|---|---|---|
| ||
library(synapser)
synLogin(authToken=<access token>) |
Refresh Tokens
Access tokens last for 24 hours, after which the client must either repeat the authorization process or use the refresh token to get a new access token. To do the latter, send a request to the refresh token endpoint:
...
The services described here allow an OAuth client to manage tokens. A separate set of services allow the user to review and revoke refresh tokens that they have granted to an OAuth client. The details are given here.Include Page