Seed data configuration

Seed data defines the initial clients and groups available to the Auth Server.
The seed data may be defined via the bootstrap section.

Note that the Helm Chart will automatically configure clients for Telicent applications included in the base Telicent Core release.

Example values.yaml section

#------------------------------------------------------------------------------
# bootstrap configuration to be loaded once - including client(s) and group(s)
#------------------------------------------------------------------------------
bootstrap:
  clients:
    public:
      - client_id: "example-client"
        client_name: "Your App"
        redirect_uris:
          - "https://apps.your-domain.com/your-app/callback"
          - "https://apps.your-domain.com/your-app/auth-redirect-uri"
        post_logout_redirect_uris:
          - "https://apps.your-domain.com/your-app"

      - client_id: "postman"
        client_name: "Postman"
        redirect_uris:
          - "https://oauth.pstmn.io/v1/callback"
        post_logout_redirect_uris:
          - "https://oath.pstmn.io"
  groups:
    list:
      - name: admin
        description: Administrator
      - name: analysts
        description: Analysts

The bootstrap data is processed each time the Auth Server starts, and any necessary database changes are applied before the application starts servicing requests.

NB: Supplying invalid bootstrap data will prevent the Auth Server from starting successfully!

Defining public clients

A public client represents an application that is able to delegate authentication of users to the Auth Server. Applications MUST follow the OAuth2 protocol and use the PKCE authentication flow to establish user sessions. Each client to be registered requires a unique client_id, a user-friendly client_name, and lists of the redirect_uris and post_logout_redirect_uris permitted to be used during the OAuth2 authentication flows.

post_logout_redirect_uris only controls where users are redirected after Auth Server logout. It does not terminate the user’s session at the external Identity Provider (IdP). If the IdP session remains active, users may be re-authenticated automatically.

In the above example we define two clients: one for a custom application, and one that allows us to log in via the Postman application so that we can make API requests directly to Telicent applications.

Defining Groups

Groups are defined with a name and a description. The name is used to assign a unique URN to the group using the prefix urn:telicent:groups, so it MUST NOT contain characters that are not permitted in URNs.
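
Because invalid bootstrap data stops the Auth Server from starting, it is worth linting the section before deployment. The following is an added example, not Telicent's code and not the Auth Server's actual validation. It assumes the bootstrap section has already been parsed into a dict; the https-only and no-wildcard checks are a local hardening policy, and the group-name check uses the unescaped character set from RFC 8141.

```python
import re
from urllib.parse import urlsplit

# Characters RFC 8141 allows unescaped in a URN namespace-specific string.
URN_NSS_SAFE = re.compile(r"[A-Za-z0-9\-._~!$&'()*+,;=:@/]+")

def check_uri(uri):
    """Return a list of problems with one redirect URI."""
    parts = urlsplit(uri)
    problems = []
    if not parts.scheme or not parts.netloc:
        problems.append("not an absolute URI")
    if parts.scheme != "https":
        problems.append("scheme is not https (local policy)")
    if parts.fragment or uri.endswith("#"):
        problems.append("contains a fragment")
    if "*" in uri:
        problems.append("contains a wildcard (local policy)")
    return problems

def lint_bootstrap(bootstrap):
    """Return human-readable findings for a parsed `bootstrap` mapping."""
    findings, seen = [], set()
    for client in bootstrap.get("clients", {}).get("public", []):
        cid = client.get("client_id")
        if not cid:
            findings.append("client without client_id")
        elif cid in seen:
            findings.append(f"{cid}: duplicate client_id")
        seen.add(cid)
        if not client.get("client_name"):
            findings.append(f"{cid}: missing client_name")
        for key in ("redirect_uris", "post_logout_redirect_uris"):
            uris = client.get(key) or []
            if not uris:
                findings.append(f"{cid}: {key} is empty")
            for uri in uris:
                findings += [f"{cid}: {key} {uri!r} {p}" for p in check_uri(uri)]
    for group in bootstrap.get("groups", {}).get("list", []):
        name = group.get("name") or ""
        if not URN_NSS_SAFE.fullmatch(name):
            findings.append(f"group {name!r}: not usable unescaped in a URN")
    return findings

# Constructed input shaped like the page's YAML, with one bad URI and one bad group.
SAMPLE = {"clients": {"public": [{"client_id": "demo", "client_name": "Demo",
    "redirect_uris": ["http://apps.example.test/cb#x"],
    "post_logout_redirect_uris": ["https://apps.example.test/"]}]},
    "groups": {"list": [{"name": "ops team", "description": "Ops"}]}}
print("\n".join(lint_bootstrap(SAMPLE)))
```

An empty result means none of these checks fired; it does not guarantee that the Auth Server will accept the data.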


[EARLY DRAFT RELEASE] Copyright 2020-2025 Telicent Limited. All rights reserved