Perform OAuth2 requests on the Identity Broker.
This tool may be used to test OAuth2 functions of the Identity Broker, and to manage OAuth2 tokens on behalf of registered applications. See the --help-subcommands option for a list of supported sub-commands.
Revoke an access token or refresh token
oauth2-request revoke-token --clientID acb941f0-76d5-11e2-bcfd-0800200c9a66 \
--clientSecret PMUkauXA \
--token MD2AAQGBBnNJbmh1UYIw1zwVaHF128hKJk1VgQYkNCX9fkShvpbTthuRY6b7WsSoLnCmguhud8Sh4B1jFBE1
--clientID {client_id}
| Description | The client ID of the application requesting access to a resource |
| Required | Yes |
| Multi-Valued | No |
--clientSecret {client_secret}
| Description | The client secret of the application requesting access to a resource |
| Required | Yes |
| Multi-Valued | No |
--token {token}
| Description | The access token or refresh token to be revoked |
| Required | No |
| Multi-Valued | No |
--tokenFile {path}
| Description | The path to a file containing the access token or refresh token to be revoked |
| Required | No |
| Multi-Valued | No |
Obtain an access token using a client credentials grant
oauth2-request token-from-client-credentials \
--clientID acb941f0-76d5-11e2-bcfd-0800200c9a66 --clientSecret PMUkauXA \
--displayToken
--clientID {client_id}
| Description | The client ID of the application requesting access to a resource |
| Required | Yes |
| Multi-Valued | No |
--clientSecret {client_secret}
| Description | The client secret of the application requesting access to a resource |
| Required | Yes |
| Multi-Valued | No |
--scope {scope}
| Description | A requested OAuth2 scope. If no scope values are specified, the request is processed using default values |
| Required | No |
| Multi-Valued | Yes |
--displayToken
| Description | Indicates that the tool may write token values to the output. Token values are similar to passwords, so this option should be used with care |
--accessTokenFile {path}
| Description | The path to a file where the access token will be written |
| Required | No |
| Multi-Valued | No |
--tab-delimited
| Description | Indicates that properties with multiple values should display the values all on one line separated by tabs instead of providing each value on a separate line |
Obtain an access token using a resource owner password grant
oauth2-request token-from-resource-owner-password \
--clientID acb941f0-76d5-11e2-bcfd-0800200c9a66 --clientSecret PMUkauXA \
--ownerId test.user --ownerPassword password --displayToken
--clientID {client_id}
| Description | The client ID of the application requesting access to a resource |
| Required | Yes |
| Multi-Valued | No |
--clientSecret {client_secret}
| Description | The client secret of the application requesting access to a resource |
| Required | Yes |
| Multi-Valued | No |
--ownerId {owner}
| Description | The resource owner ID |
| Required | Yes |
| Multi-Valued | No |
--ownerPassword {password}
| Description | The resource owner's password |
| Required | No |
| Multi-Valued | No |
--ownerPasswordFile {path}
| Description | The path to a file containing the resource owner's password |
| Required | No |
| Multi-Valued | No |
--scope {scope}
| Description | A requested OAuth2 scope. If no scope values are specified, the request is processed using default values |
| Required | No |
| Multi-Valued | Yes |
--displayToken
| Description | Indicates that the tool may write token values to the output. Token values are similar to passwords, so this option should be used with care |
--accessTokenFile {path}
| Description | The path to a file where the access token will be written |
| Required | No |
| Multi-Valued | No |
--refreshTokenFile {path}
| Description | The path to a file where the refresh token, if any, will be written |
| Required | No |
| Multi-Valued | No |
--tab-delimited
| Description | Indicates that properties with multiple values should display the values all on one line separated by tabs instead of providing each value on a separate line |
Refresh an access token from a provided refresh token
oauth2-request token-refresh --clientID acb941f0-76d5-11e2-bcfd-0800200c9a66 \
--clientSecret PMUkauXA \
--sourceRefreshToken MD2AAQGBBnNJbmh1UYIw1zwVaHF128hKJk1VgQYkNCX9fkShvpbTthuRY6b7WsSoLnCmguhud8Sh4B1jFBE1 \
--displayToken
--clientID {client_id}
| Description | The client ID of the application requesting access to a resource |
| Required | Yes |
| Multi-Valued | No |
--clientSecret {client_secret}
| Description | The client secret of the application requesting access to a resource |
| Required | Yes |
| Multi-Valued | No |
--sourceRefreshToken {token}
| Description | The refresh token |
| Required | No |
| Multi-Valued | No |
--sourceRefreshTokenFile {path}
| Description | The path to a file containing the refresh token |
| Required | No |
| Multi-Valued | No |
--displayToken
| Description | Indicates that the tool may write token values to the output. Token values are similar to passwords, so this option should be used with care |
--accessTokenFile {path}
| Description | The path to a file where the access token will be written |
| Required | No |
| Multi-Valued | No |
--refreshTokenFile {path}
| Description | The path to a file where the refresh token, if any, will be written |
| Required | No |
| Multi-Valued | No |
--tab-delimited
| Description | Indicates that properties with multiple values should display the values all on one line separated by tabs instead of providing each value on a separate line |
Validate an access token
oauth2-request validate-token --clientID acb941f0-76d5-11e2-bcfd-0800200c9a66 \
--clientSecret PMUkauXA \
--token MD2AAQGBBnNJbmh1UYIw1zwVaHF128hKJk1VgQYkNCX9fkShvpbTthuRY6b7WsSoLnCmguhud8Sh4B1jFBE1
--clientID {client_id}
| Description | The client ID of the application requesting access to a resource |
| Required | Yes |
| Multi-Valued | No |
--clientSecret {client_secret}
| Description | The client secret of the application requesting access to a resource |
| Required | Yes |
| Multi-Valued | No |
--token {token}
| Description | The access token to be validated |
| Required | No |
| Multi-Valued | No |
--tokenFile {path}
| Description | The path to a file containing the access token to be validated |
| Required | No |
| Multi-Valued | No |
--tab-delimited
| Description | Indicates that properties with multiple values should display the values all on one line separated by tabs instead of providing each value on a separate line |
-V
--version
| Description | Display Identity Broker version information |
-H
--help
| Description | Display general usage information |
--help-debug
| Description | Display help for using debug options |
| Advanced | Yes |
-h {host}
--hostname {host}
| Description | Identity Broker hostname or IP address |
| Default Value | localhost |
| Required | No |
| Multi-Valued | No |
-p {port}
--httpPort {port}
| Description | Identity Broker HTTP/S port number [Default: from the local Identity Broker configuration] |
| Required | No |
| Multi-Valued | No |
-Z
--useSSL
| Description | Use SSL for secure communication with the server [Default: from the local Identity Broker configuration] |
-X
--trustAll
| Description | Trust all server SSL certificates |
-P {trustStorePath}
--trustStorePath {trustStorePath}
| Description | Certificate trust store path |
| Required | No |
| Multi-Valued | No |
--propertiesFilePath {propertiesFilePath}
| Description | Path to the file that contains default property values used for command-line arguments |
| Required | No |
| Multi-Valued | No |
--noPropertiesFile
| Description | Specify that no properties file will be used to get default command-line argument values |
-n
--no-prompt
| Description | Use non-interactive mode. If data in the command is missing, you will not be prompted and the tool will fail |
--script-friendly
| Description | Use script-friendly mode |
--help-subcommands
| Description | Display all subcommands |
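The `--displayToken` description above notes that token values are similar to passwords. The following is an added example, not part of the original tool documentation: a shell function that takes a client credentials token through `validate-token` and `revoke-token` using only `--accessTokenFile` and `--tokenFile`, so the token is never written to the terminal or placed on a command line. `OAUTH2_REQUEST`, `CLIENT_ID`, `CLIENT_SECRET` and the function names are assumptions made for the example.

```shell
# Added example, not from the tool's documentation. OAUTH2_REQUEST, CLIENT_ID,
# CLIENT_SECRET and both function names are assumptions made for illustration.
OAUTH2_REQUEST="${OAUTH2_REQUEST:-oauth2-request}"

# Run one sub-command non-interactively with the client credentials.
# The page lists no file-based option for the client secret, so it is still
# passed as an argument here; only the token is kept out of argv.
broker() {
    sub="$1"; shift
    "$OAUTH2_REQUEST" "$sub" \
        --clientID "$CLIENT_ID" --clientSecret "$CLIENT_SECRET" \
        --no-prompt "$@"
}

# Obtain a token, validate it, revoke it, and remove the local copy.
# Extra arguments (for example --scope values) go to the token request.
# Returns non-zero if any step failed.
token_lifecycle() {
    workdir=$(mktemp -d) || return 1      # mktemp -d creates a 0700 directory
    token_file="$workdir/access.token"
    status=0
    (
        umask 077                         # token file is created as 0600
        broker token-from-client-credentials \
            --accessTokenFile "$token_file" "$@" &&
        broker validate-token --tokenFile "$token_file"
    ) || status=$?
    # Revoke whenever a token was issued, even if validation failed,
    # so a token that was written to disk does not stay usable.
    if [ -s "$token_file" ]; then
        broker revoke-token --tokenFile "$token_file" || status=$?
    fi
    rm -rf "$workdir"
    return "$status"
}
```

Call it as `token_lifecycle --scope {scope}`; omitting `--displayToken` keeps the token value out of terminal output and captured logs.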