Manual Chapter : About OAuth Authorization

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 15.0.1, 15.0.0
Manual Chapter

About OAuth Authorization

When Access Policy Manager (APM®) is configured to act as an OAuth authorization server, an OAuth Authorization agent must be present in the access policy.
The OAuth Authorization agent provides these elements and options.
Prompt for Authorization
  • Enabled
    - Displays the OAuth Authorization page. The page requests authorization for the client application to access a list of scopes and presents the options to allow or to deny access.
  • Disabled
    - Does not display the OAuth Authorization page.
Subject
Type the name of a subject claim (for JSON web tokens).
Audience
Specifies the audiences for the claims (for JSON web tokens).
Scope / Claim Assign
Specifies the scopes or the claims for which authorization is requested. If no scopes or claims are specified here, the ones configured in APM for the client application are used.
Customization
Customize the messages that display on the OAuth authorization page when
Prompt for Authorization
is set to
Enabled
:
  • Language
    - Specifies the language in which you want to customize the fields for this OAuth Authorization agent page.
    You select languages in this section only for the purpose of customization. The language used in a policy is determined by the user's browser settings. The default language for a per-session policy is determined in the access profile and not in the policy.
  • Authorize Message
    - Specifies the initial wording for the prompt.
  • Scope Message
    - Specifies the wording that precedes the list of scopes that are specified in the Scope / Claim Assign area of this screen.
  • Allow Message
    - Provides the label for the button that allows access.
  • Deny Message
    - Provides the label for the button that denies access.