OAuth Service contains the properties that affect the Identity Broker OAuth service.
The following components have a direct aggregation relation from OAuth Services:
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
token-store | oauth-admin-client-id |
authorization-code-validity-duration | oauth-admin-client-secret |
access-token-validity-duration | |
refresh-token-validity-duration | |
reuse-refresh-tokens | |
authorization-approval-template | |
authorization-error-template | |
authentication-manager-bean-name | |
token-store
Description | Specifies the token store that will be used to persist OAuth 2 access tokens and authorization codes. |
Default Value | None |
Allowed Values | The DN of any Token Store. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
authorization-code-validity-duration
Description | Specifies the default validity duration of an authorization code. Applications may also specify a different validity duration that is specific to authorization codes generated for that application and will override this property. |
Default Value | 1 m |
Allowed Values | A duration. Lower limit is 1 second. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
access-token-validity-duration
Description | Specifies the default validity duration of an access token. Applications may also specify a different validity duration that is specific to access tokens granted for that application and will override this property. |
Default Value | 12 h |
Allowed Values | A duration. Lower limit is 1 second. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
refresh-token-validity-duration
Description | Specifies the default validity duration of a refresh token. Applications may also specify a different validity duration that is specific to refresh tokens generated for that application and will override this property. A value of "0 s" will disable the generation of refresh tokens. |
Default Value | 30 d |
Allowed Values | A duration. Lower limit is 0 seconds. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
reuse-refresh-tokens
Description | Specifies whether to reuse the refresh token until it is no longer valid or to generate a new refresh token when a new access token is issued. |
Default Value | true |
Allowed Values | true, false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
authorization-approval-template
Description | The Velocity template page for the OAuth 2 authorization approval user interface. The value is a file relative to the server template directory config/pages/templates under the server root. Please refer to the default template at config/pages/templates/oauth-approval.vm for examples and applicable tags that may be used in the template. |
Default Value | oauth-approval.vm |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
authorization-error-template
Description | The Velocity template page for the OAuth 2 authorization error user interface. This is used when the OAuth 2 authorization request is missing the redirect URI or if it is invalid or mismatching. This page will also be used if the client identifier is missing or invalid. The value is a file relative to the server template directory config/pages/templates/ under the server root. Please refer to the default template at config/pages/templates/oauth-error.vm for examples and applicable tags that may be used in the template. |
Default Value | oauth-error.vm |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
authentication-manager-bean-name
Description | Specifies a reference to a Spring Security AuthenticationManager bean that should be used to authenticate the resource owner for a request using the resource owner password credentials grant. The bean must be configured in the Spring configuration file of the Spring Security HTTP Servlet Extension. |
Default Value | Requests using the resource owner password credentials grant will be denied. |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
oauth-admin-client-id (Advanced Property)
Description | Specifies the client_id to be used by REST clients which access the Identity Broker admin APIs using OAuth authentication. This property is a placeholder for the client ID, as the OAuth Service actually uses the value stored in the Application entry in the Policy Store. Having it here allows tools such as prepare-external-store to use a consistent value for the ID when run multiple times or against multiple external servers. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
oauth-admin-client-secret (Advanced Property)
Description | Specifies the client_secret to be used by REST clients which access the Identity Broker admin APIs using OAuth authentication. This property is a placeholder for the client secret, as the OAuth Service actually uses the value stored in the Application entry in the Policy Store. Having it here allows tools such as prepare-external-store to use a consistent value for the secret when run multiple times or against multiple external servers. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
To view the OAuth Service configuration:
dsconfig get-oauth-service-prop [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the OAuth Service configuration:
dsconfig set-oauth-service-prop (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
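An added example, not part of the product documentation: a Python review of the token-lifetime and grant properties above against a policy, emitting a `set-oauth-service-prop` suggestion for each finding. The policy limits and the names `audit`, `to_seconds` and `POLICY_MAX` are assumptions; the sample input is constructed from the default values listed on this page.

```python
import shlex

# Units as they appear in this page's values ("1 m", "12 h", "30 d", "0 s").
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

# Assumed review policy (not product defaults): longest acceptable lifetimes.
POLICY_MAX = {
    "authorization-code-validity-duration": "10 m",  # RFC 6749 sec. 4.1.2 recommendation
    "access-token-validity-duration": "1 h",
    "refresh-token-validity-duration": "14 d",
}

def to_seconds(duration):
    """Convert a '<number> <unit>' duration such as '12 h' to seconds."""
    number, unit = duration.split()
    return int(number) * UNIT_SECONDS[unit]

def suggest(name, value):
    # Connection options are omitted, as in the usage synopsis on this page.
    return "dsconfig set-oauth-service-prop --set " + shlex.quote(f"{name}:{value}")

def audit(props):
    """Return (property, finding, suggested command or None) tuples."""
    findings = []
    for name, limit in POLICY_MAX.items():
        if to_seconds(props[name]) > to_seconds(limit):
            findings.append((name, f"{props[name]} exceeds policy maximum {limit}",
                             suggest(name, limit)))
    # "0 s" disables refresh tokens, so reuse only matters when they are issued.
    refresh_enabled = to_seconds(props["refresh-token-validity-duration"]) > 0
    if refresh_enabled and props["reuse-refresh-tokens"] == "true":
        findings.append(("reuse-refresh-tokens",
                         "refresh token is reused, not rotated, for its whole validity",
                         suggest("reuse-refresh-tokens", "false")))
    # Unset means the resource owner password credentials grant is denied.
    if props.get("authentication-manager-bean-name"):
        findings.append(("authentication-manager-bean-name",
                         "resource owner password credentials grant is enabled", None))
    return findings

# Constructed input: the default values listed on this page.
DEFAULTS = {
    "authorization-code-validity-duration": "1 m",
    "access-token-validity-duration": "12 h",
    "refresh-token-validity-duration": "30 d",
    "reuse-refresh-tokens": "true",
    "authentication-manager-bean-name": None,
}

if __name__ == "__main__":
    for name, finding, fix in audit(DEFAULTS):
        print(f"{name}: {finding}" + (f"\n  fix: {fix}" if fix else ""))
```

Application-level validity durations override these service defaults, so a clean result here does not cover per-application settings.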