Manual Chapter :
About OAuth Scope
Applies To:
Show Versions
BIG-IP APM
- 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
About OAuth Scope
The OAuth Scope agent validates JSON web tokens (JWT) or validates scopes
for opaque tokens. The OAuth Scope item provides these elements and options:
- Token Validation Mode
- Internal- In this mode, the agent validates JSON web tokens (JWT).
- External- In this mode, the agent makes requests to an OAuth authorization server to get scopes associated with a token and to get scope data, such as a user's email address or contact list.
- JWT Provider List
- Specifies a list of OAuth providers that support JWT. The agent validates JWT from any of these providers when configured. ForInternalmode.
- Server
- Specifies an OAuth server. OAuth servers in resource server, or client and resource server modes are available for selection. ForExternalmode.
- Scopes Request
- Specifies a validation-scopes-request type request. This request type retrieves a list of scopes associated with the token. ForExternalmode.
- OpenID Connect UserInfo Request
- Specifies an openid-userinfo-request type request where the client sends the request using either GET or POST. ForExternalmode.
In
External
mode, you can add multiple scope data requests to the agent. Click Add New
Entry
and specify:- Scope Name
- Specifies the name of a scope for which you are requesting data. (The external OAuth provider specifies the names of the scopes that it supports.)
- Request
- Specifies a scope-data-request type request. This is optional. If the provider does not require this type of request to obtain additional information from an authorization server, you do not need to fill in this field.
You can
configure requests here:
.