Enabling Web Application Users to Log In with DNAnexus Credentials

Learn how to configure your app to allow app users to log in using DNAnexus credentials.

Last updated 10 months ago


If you're the developer of a web app that will be used by DNAnexus Platform users, you can enable them to log in, easily and securely, using their Platform credentials, via the DNAnexus OIDC service. This page provides a step-by-step guide to configuring your app to enable OIDC login, and registering it with DNAnexus as an OIDC client.

For a sample app illustrating how this is done, see this DNAnexus-maintained GitHub repo.

Configuring Your Web-Based Application to Allow Login with DNAnexus Credentials

Prerequisites

To enable user login with DNAnexus credentials, your application must be web-based. That is, it must allow users to log in and access its functionality via a web interface. Your application must also have a privacy policy and terms of service document that are both web-accessible. You must also supply a JSON Web Key Set (JWKS) endpoint URL, to support JWT encryption of the required ID token.

Step 1. Register Your App with DNAnexus and Obtain a Client ID

As a first step, you must register your app with DNAnexus. To do this, email DNAnexus Support, including the following specifications in your email:

  • client_name string The name of the app that is to be configured as an OIDC client.

  • author_id string The DNAnexus Platform user ID of the user who will be able to set and reset the app's client secret. Only one user can be designated as an app's author.

  • redirect_uris array of strings A list of one or more URLs to which user authorization requests will be directed. All must use the HTTPS protocol.

  • homepage_uri string The URL of the page used to access and use the app

  • policy_uri string The URL of the app's privacy policy document

  • tos_uri string The URL of the app's terms of service document

  • jwks_uri string The URL of the app's JWKS (JSON Web Key Set)

  • scope space-separated list of strings A space-separated list of scopes that the client can request as part of each authorization request. See below for a list of supported scopes.

  • id_token_encrypted_response_alg string The algorithm used for encryption of the Content Encryption Key (CEK). Supported values are:

    "A256KW",
    "ECDH-ES",
    "RSA-OAEP",
    "RSA-OAEP-256"

  • id_token_encrypted_response_enc string The algorithm used for encryption of the ID Token content. This value is optional and defaults to A256CBC-HS512. Supported values are:

    "A256CBC-HS512",
    "A256GCM"

Once DNAnexus Support processes your request, you will receive a confirmation that your app is registered as an OIDC client. You will also receive its client ID. The client ID is a unique string, in UUID format, that identifies your app. You will need this client ID to set up and maintain your app as an OIDC client, so store it securely.
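
A pre-submission check for the registration fields listed above, as an added example (not DNAnexus code). The function names are hypothetical, the scope list is taken from Step 4, and treating the non-redirect URLs as plain absolute web URLs is an assumption.

```python
from urllib.parse import urlsplit

# Supported values as listed on this page.
ALGS = ("A256KW", "ECDH-ES", "RSA-OAEP", "RSA-OAEP-256")
ENCS = ("A256CBC-HS512", "A256GCM")
SCOPES = {"openid", "user_id", "name", "email"}
URI_FIELDS = ("homepage_uri", "policy_uri", "tos_uri", "jwks_uri")


def is_web_url(value, https_only=False):
    """True for an absolute http(s) URL with a host (https only on request)."""
    if not isinstance(value, str):
        return False
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    schemes = {"https"} if https_only else {"http", "https"}
    return parts.scheme in schemes and bool(parts.netloc)


def check_registration(req):
    """Return (normalized copy of req, list of problems found)."""
    out, errors = dict(req), []
    for field in ("client_name", "author_id"):
        if not isinstance(req.get(field), str) or not req[field].strip():
            errors.append(f"{field}: required string")
    uris = req.get("redirect_uris")
    if not isinstance(uris, list) or not uris:
        errors.append("redirect_uris: need at least one URL")
    else:
        errors += [f"redirect_uris: {u!r} is not an HTTPS URL"
                   for u in uris if not is_web_url(u, https_only=True)]
    # Assumption: the other URLs only need to be absolute web URLs.
    errors += [f"{f}: required web URL"
               for f in URI_FIELDS if not is_web_url(req.get(f))]
    scopes = str(req.get("scope", "")).split()
    if "openid" not in scopes:
        errors.append("scope: must include openid")
    errors += [f"scope: {s!r} is not supported"
               for s in sorted(set(scopes) - SCOPES)]
    if req.get("id_token_encrypted_response_alg") not in ALGS:
        errors.append("id_token_encrypted_response_alg: unsupported value")
    # enc is optional and defaults to A256CBC-HS512.
    enc = out.setdefault("id_token_encrypted_response_enc", "A256CBC-HS512")
    if enc not in ENCS:
        errors.append("id_token_encrypted_response_enc: unsupported value")
    return out, errors
```

An empty error list means the request matches the constraints stated on this page; it does not confirm that the URLs are reachable.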

Step 2. Obtain Your Client Secret

Once you've successfully registered your client and obtained the client ID, you must next obtain a client secret. This is a unique string that the app will present to the DNAnexus OIDC server, along with the client ID, during authentication. To obtain the client secret, use the API method /oidcClient-xxxx/resetClientSecret, replacing "xxxx" with the app's client ID.

$ dx api oidcClient-xxxx resetClientSecret

Step 3. Configure Your App to Use the Client ID and Client Secret

Next you must configure your app to use the client ID and client secret, as part of authentication requests. The simplest way to do this is by leveraging an OIDC-compliant client library, such as open-id client.

Note the following about how the DNAnexus OIDC server handles authorization requests:

  • Authorization requests are handled in keeping with the Authorization Code Flow as defined in the Open ID connect Core 1.0 spec.

  • The Proof Key for Code Exchange (PKCE) standard is enforced.

  • Only pairwise identifiers are supported.

  • The ID token must always be encrypted using JWE and leveraging JWK.

Step 4. Configure Your App to Request Information from Users

Apps must request the openid scope. Apps may require that any or all of the additional scopes, listed below, be included in authorization requests:

  • openid string The app must always request this scope. In return, the app will receive the ID token providing identity data for the user.

  • user_id string A user’s Platform username, prepended with user- in the form user-username (e.g. user-amy)

  • name string The user’s full name, exactly as registered when he or she created a DNAnexus user account

  • email string The email address associated with the user’s DNAnexus user account

Resetting Your App's Client Secret

If you need to reset your app's client secret, you can do this via a call to the API endpoint /oidcClient-xxxx/resetClientSecret, replacing "xxxx" with the app's client ID, as when you obtained the client secret in the first place (see above). Once a new client secret is generated, the previous secret is invalidated momentarily.

Learn More

See this DNAnexus-maintained GitHub repo for a sample app illustrating how to configure a web-based app to use the DNAnexus OIDC service.
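
The authorization request described in Steps 3 and 4 (Authorization Code Flow with PKCE and the openid scope), as an added example that is not DNAnexus code and not a replacement for an OIDC client library. The endpoint URL is a placeholder because this page does not give it, and the function names and session layout are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder: the page does not give the authorization endpoint URL.
AUTHORIZATION_ENDPOINT = "https://oidc.example.invalid/authorize"


def pkce_challenge(verifier):
    """S256 code_challenge for a code_verifier (RFC 7636, section 4.2)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def start_login(client_id, redirect_uri, scopes=("openid",)):
    """Return (url, session); keep session server-side, redirect to url."""
    if "openid" not in scopes:
        raise ValueError("the openid scope must always be requested")
    session = {name: secrets.token_urlsafe(32)
               for name in ("state", "nonce", "code_verifier")}
    session["redirect_uri"] = redirect_uri
    query = {
        "response_type": "code",  # Authorization Code Flow
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": session["state"],
        "nonce": session["nonce"],
        "code_challenge": pkce_challenge(session["code_verifier"]),
        "code_challenge_method": "S256",
    }
    return AUTHORIZATION_ENDPOINT + "?" + urlencode(query), session


def finish_login(callback_url, session):
    """Validate the callback and return the token-request form fields."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: callback is not for this login")
    if "code" not in params:
        raise ValueError("no code: " + params.get("error", ["unknown"])[0])
    return {  # sent with client authentication (client ID and secret)
        "grant_type": "authorization_code",
        "code": params["code"][0],
        "redirect_uri": session["redirect_uri"],
        "code_verifier": session["code_verifier"],
    }
```

The ID token returned by the token request is a JWE, so it must be decrypted before its claims are read, and its nonce claim should then be compared with the nonce kept in the session.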