Figure 1. M2M Registration Flow
- The administrator sets up an identity and credential, in their own IdP (customer IdP), for their own application (e.g. an application that will need to access protected data).
- The administrator receives a new app client ID and secret from their IdP.
- Using standard OIDC, the administrator logs into APEX/Cirrus and provides the newly created app client ID and the IdP metadata URL.
- Cirrus in turn requests Common IAM Pacific Service to create a new PowerX client.
- The Common IAM Pacific Service creates a new PowerX API client/account, enables the client for token exchange, and establishes trust with Cirrus.
- Cirrus then requests the Common IAM Pacific Service to map the newly created PowerX client/account to the customer IdP's application (identity provider) client ID, together with the customer IdP metadata/certificate URL.
- The registration is now complete. At token-exchange runtime, the Common IAM Pacific Service uses the certificate from that URL to validate the registration and the trust relationship with the customer IdP.
- Cirrus finally responds to the API app running on the customer server with the registration marked as completed.