Manual Chapter : About OAuth Client
Applies To:
- 15.0.1, 15.0.0
About OAuth Client
An OAuth Client agent is a policy item that requests authorization and tokens from an OAuth server. An OAuth Client can also get scope data on a per-request basis. The OAuth Client agent provides these configuration elements and options:
- Server
  - Specifies the OAuth server to which this OAuth client directs requests.
- Grant Type
  - Specifies the type of grant that the OAuth client uses.
    - Authorization code - The client redirects the resource owner to the OAuth server to request an authorization code.
    - Password - The client uses resource owner password credentials to request an access token from the OAuth server.
- OpenID Connect
  - Specifies whether the agent uses OpenID Connect for authorization. Displays when Grant Type is set to Authorization code. For this setting to function correctly when enabled, the OAuth provider (associated with the selected Server) must be configured to support JSON web tokens.
- OpenID Connect Flow Type
  - Specifies the OpenID Connect flow type to use: Authorization code or Hybrid.
- OpenID Connect Hybrid Response Type
  - Specifies the response type to use for an OpenID Connect hybrid flow: code-idtoken, code-token, or code-idtoken-token.
- Authentication Redirect Request
  - Specifies an auth-redirect-request type request, which redirects a user to an OAuth server. Displays when Grant Type is set to Authorization code.
- Token Request
  - Specifies a token-request type of request.
- Refresh Token Request
  - Specifies a token-refresh-request type of request. APM uses this request on a per-request basis.
- OpenID Connect UserInfo Request
  - Specifies an openid-userinfo-request type of request. Displays when OpenID Connect is set to Enabled. JWT access tokens can be submitted for an OpenID Connect UserInfo request; however, issuing id_tokens alongside an opaque token is not supported.
- Redirection URI
  - Specifies the URI for the OAuth server to redirect a user back to the OAuth client. Displays when Grant Type is set to Authorization code.
- Scope
  - Specifies one or more strings separated by spaces; for example, contacts photo email. The strings are defined by the OAuth authorization server. The best source of information for the strings that a particular OAuth authorization server defines could be the APIs for OAuth 2.0 scopes on the developer sites of OAuth providers. For the Authorization code grant type, an OAuth authorization server prompts the user to grant or deny access to the scopes. For the Password grant type, an OAuth authorization server grants permission to the requested scopes based on the user providing resource owner password credentials.
Requests are configured in the area of the product.
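The following added example (not F5 code and not taken from this manual) shows what an OpenID Connect hybrid-flow client has to send in the authentication redirect request and check on the way back for the response types that return an id_token: state, nonce, and the c_hash that ties the ID token to the authorization code. The function names, the mapping from the response-type names on this page to OpenID Connect Core `response_type` values, the fragment-encoded response, and the SHA-256 based c_hash are assumptions of the example.

```python
import base64, hashlib, json, secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed mapping: this page's hybrid response-type names -> the
# response_type values defined by OpenID Connect Core.
HYBRID_RESPONSE_TYPES = {
    "code-idtoken": "code id_token",
    "code-token": "code token",
    "code-idtoken-token": "code id_token token",
}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def build_auth_redirect(authz_endpoint, client_id, redirect_uri, scope, hybrid_type):
    """Return (url, state, nonce) for an OpenID Connect hybrid-flow request."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    scopes = scope.split()              # scope is a space-separated string
    if "openid" not in scopes:          # OpenID Connect requires the openid scope
        scopes.insert(0, "openid")
    query = urlencode({
        "response_type": HYBRID_RESPONSE_TYPES[hybrid_type],
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,                 # binds the response to this browser session
        "nonce": nonce,                 # binds the ID token to this request
    })
    return f"{authz_endpoint}?{query}", state, nonce

def c_hash(code: str) -> str:
    """base64url of the left half of SHA-256(code); assumes an RS256/ES256/HS256 ID token."""
    return b64url(hashlib.sha256(code.encode("ascii")).digest()[:16])

def check_hybrid_response(redirect_url, expected_state, expected_nonce):
    """Check state, nonce and c_hash; returns (code, claims) or raises ValueError."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(redirect_url).fragment).items()}
    if not secrets.compare_digest(params.get("state", "").encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in params or "id_token" not in params:
        raise ValueError("expected code and id_token in the response")
    body = params["id_token"].split(".")[1]
    # Signature, iss, aud and exp checks must pass before trusting these claims;
    # they need the provider's keys and are omitted here.
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    if claims.get("c_hash") != c_hash(params["code"]):
        raise ValueError("c_hash does not match the authorization code")
    return params["code"], claims
```

A code-token response carries no id_token in the redirect, so only the state check applies there and the ID token is validated after the token request instead.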