Server Administration Application – Configuring OAuth
OAuth
Configuration Properties
Additional
Authorization Parameters Properties
See also: Server Administration Application Home Page, REST Overview, Working with REST Web Service Resources, REST Web Service Security, Using OAuth Security, OpenID Connect Configuration
Introduction
OAuth configurations are created and maintained on the server using the Server Administration web application. They are saved in folder oauthConfigurations in the ebaseConf folder of the web application e.g. userdata/apps/<webappname>/ebaseConf/oauthConfigurations. These files can be copied between servers if required.
An OAuth configuration represents an authorization server that requires OAuth authentication.
OAuth configurations can be used by:
- A REST Resource can configure endpoint security that uses OAuth authentication
- OpenID Connect Authentications e.g. authentication using Google or ADFS
- Click
the
icon to create a new OAuth
configuration - Click
the
icon to refresh the display - Click
the
icon to delete an OAuth
configuration - Click on an OAuth configuration name to display or edit its properties
- Click Help on the menu at the top of the panel to display this help page
OAuth Configuration Properties
|
The following are
common properties – applicable to all authorization types. |
|
|
OAuth Name |
OAuth configuration name. |
|
Description |
An optional description. |
|
Authorization type |
Can be set to:
See OAuth 2.0 for details of these Authorization types. If this OAuth Configuration is being used for OpenID Connect, the type is usually Authorization Code Grant. |
|
Token request URL |
Specifies the URL to request the access token. |
|
Client id |
The client id as issued by the authorization server. |
|
Secret key |
The secret key as issued by the authorization server. |
|
Send Access Token as |
The OAuth access token can be sent with the HTTP Request as either a HTTP Header or as a Post/Query Parameter. Select the method applicable to the authentication specification. Click here for more information. |
|
Scope |
A list of scopes specific to the authorization server. |
|
|
|
|
The following
additional properties apply to Authorization type Authorization Code Grant |
|
|
Authorization URL |
Specifies the URL to the authorization server. |
|
Redirect URI |
This field is for information only and shows the redirect URI created by the system. This should be entered into the 3rd party OAuth provider’s configuration. Click here for more information. |
|
|
|
|
The following additional properties apply to Authorization type Resource Owner Password Credentials Grant |
|
|
Username |
Username to authenticate. |
|
Password |
Password to authenticate |
|
|
|
The Username, Password and Scope properties can be overridden by entering the values into the Rest Web Service Security dialog or calling the JavaScript method HttpAuthentication.createOAuthAuthentication(name, scope, username, password).
Additional Authorization Parameters Properties
Add additional parameters specific to the Authorization Code type. The parameters are added to the request when calling the authorization URL. These additional parameters can be overridden by entering the values into the Rest Web Service Security dialog or calling the JavaScript method HttpAuthentication.createOAuthAuthentication(name, scope, username, password, additionalParameters).