Manual Chapter : About OAuth Client

Applies To:

Show Versions Show Versions


  • 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Manual Chapter

About OAuth Client

An OAuth Client agent is a policy item that requests authorization and tokens from an OAuth server. An OAuth Client can also get scope data on a per-request basis. The OAuth Client agent provides these configuration elements and options:
Specifies the OAuth server to which this OAuth client directs requests.
Grant Type
Specifies the type of grant that the OAuth client uses.
  • Authorization code - The client redirects the resource owner to the OAuth server to request an authorization code.
  • Password - The client uses resource owner password credentials to request an access token from the OAuth server.
OpenID Connect
Specifies whether the agent uses OpenID Connect for authorization. Displays when
Grant Type
is set to
Authorization code
To function correctly when enabled, the OAuth provider (associated with the selected
) must be configured to support JSON web tokens.
OpenID Connect Flow Type
Specifies the OpenID Connect flow type to use:
Authorization code
OpenID Connect Hybrid Response Type
Specifies the response type to use for an OpenID Connect hybrid flow:
, or
Authentication Redirect Request
Specifies an auth-redirect-request type request, which redirects a user to an OAuth server. Displays when
Grant Type
is set to
Authorization code
Token Request
Specifies a token-request type of request.
Refresh Token Request
Specifies a token-refresh-request type of request. APM uses this request on a per-request basis.
OpenID Connect UserInfo Request
Specifies an openid-userinfo-request type of request. Displays when
OpenID Connect
is set to
. JWT access tokens can be submitted for an OpenID Connect UserInfo request; however, issuing id_tokens alongside an opaque token is not supported.
Redirection URI
Specifies the URI for the OAuth server to redirect a user back to the OAuth client. Displays when
Grant Type
is set to
Authorization code
Specifies one or more strings separated by spaces; for example
contacts photo email
. The strings are defined by the OAuth authorization server. Your best source of information for the strings that a particular OAuth authorization server defines could be APIs for OAuth 2.0 scopes on developer sites for OAuth providers.
For the
Authorization code
grant type, an OAuth authorization server prompts the user to grant or deny access to the scopes. For the
grant type, an OAuth authorization server grants permission to the requested scopes based on the user providing resource owner password credentials.
Requests are configured in the
OAuth Client / Resource Server
area of the product.