Perform OAuth2 requests on the Identity Broker.
This tool may be used to test OAuth2 functions of the Identity Broker, and to manage OAuth2 tokens on behalf of registered applications. See the --help-subcommands option for a list of supported sub-commands.
Revoke an access token or refresh token
oauth2-request revoke-token --clientID acb941f0-76d5-11e2-bcfd-0800200c9a66 \
    --clientSecret PMUkauXA \
    --token MD2AAQGBBnNJbmh1UYIw1zwVaHF128hKJk1VgQYkNCX9fkShvpbTthuRY6b7WsSoLnCmguhud8Sh4B1jFBE1
--clientID {client_id}
Description | The client ID of the application requesting access to a resource |
Required | No |
Multi-Valued | No |
--clientSecret {client_secret}
Description | The client secret of the application requesting access to a resource |
Required | Yes |
Multi-Valued | No |
--token {token}
Description | The access token or refresh token to be revoked |
Required | No |
Multi-Valued | No |
--tokenFile {path}
Description | The path to a file containing the access token or refresh token to be revoked |
Required | No |
Multi-Valued | No |
Obtain an access token using a client credentials grant
oauth2-request token-from-client-credentials \
    --clientID acb941f0-76d5-11e2-bcfd-0800200c9a66 --clientSecret PMUkauXA \
    --displayToken
--clientID {client_id}
Description | The client ID of the application requesting access to a resource |
Required | No |
Multi-Valued | No |
--clientSecret {client_secret}
Description | The client secret of the application requesting access to a resource |
Required | Yes |
Multi-Valued | No |
--scope {scope}
Description | A requested OAuth2 scope. If no scope values are specified, the request is processed using default values |
Required | No |
Multi-Valued | Yes |
--displayToken
Description | Indicates that the tool may write token values to the output. Token values are similar to passwords, so this option should be used with care |
--accessTokenFile {path}
Description | The path to a file where the access token will be written |
Required | No |
Multi-Valued | No |
--tab-delimited
Description | Indicates that properties with multiple values should display the values all on one line separated by tabs instead of providing each value on a separate line |
Obtain an access token using a resource owner password grant
oauth2-request token-from-resource-owner-password \
    --clientID acb941f0-76d5-11e2-bcfd-0800200c9a66 --clientSecret PMUkauXA \
    --ownerId test.user --ownerPassword password --displayToken
--clientID {client_id}
Description | The client ID of the application requesting access to a resource |
Required | No |
Multi-Valued | No |
--clientSecret {client_secret}
Description | The client secret of the application requesting access to a resource |
Required | Yes |
Multi-Valued | No |
--ownerId {owner}
Description | The resource owner ID |
Required | Yes |
Multi-Valued | No |
--ownerPassword {password}
Description | The resource owner's password |
Required | No |
Multi-Valued | No |
--ownerPasswordFile {path}
Description | The path to a file containing the resource owner's password |
Required | No |
Multi-Valued | No |
--scope {scope}
Description | A requested OAuth2 scope. If no scope values are specified, the request is processed using default values |
Required | No |
Multi-Valued | Yes |
--displayToken
Description | Indicates that the tool may write token values to the output. Token values are similar to passwords, so this option should be used with care |
--accessTokenFile {path}
Description | The path to a file where the access token will be written |
Required | No |
Multi-Valued | No |
--refreshTokenFile {path}
Description | The path to a file where the refresh token, if any, will be written |
Required | No |
Multi-Valued | No |
--tab-delimited
Description | Indicates that properties with multiple values should display the values all on one line separated by tabs instead of providing each value on a separate line |
Refresh an access token from a provided refresh token
oauth2-request token-refresh --clientID acb941f0-76d5-11e2-bcfd-0800200c9a66 \
    --clientSecret PMUkauXA \
    --sourceRefreshToken MD2AAQGBBnNJbmh1UYIw1zwVaHF128hKJk1VgQYkNCX9fkShvpbTthuRY6b7WsSoLnCmguhud8Sh4B1jFBE1 \
    --displayToken
--clientID {client_id}
Description | The client ID of the application requesting access to a resource |
Required | No |
Multi-Valued | No |
--clientSecret {client_secret}
Description | The client secret of the application requesting access to a resource |
Required | Yes |
Multi-Valued | No |
--sourceRefreshToken {token}
Description | The refresh token |
Required | No |
Multi-Valued | No |
--sourceRefreshTokenFile {path}
Description | The path to a file containing the refresh token |
Required | No |
Multi-Valued | No |
--displayToken
Description | Indicates that the tool may write token values to the output. Token values are similar to passwords, so this option should be used with care |
--accessTokenFile {path}
Description | The path to a file where the access token will be written |
Required | No |
Multi-Valued | No |
--refreshTokenFile {path}
Description | The path to a file where the refresh token, if any, will be written |
Required | No |
Multi-Valued | No |
--tab-delimited
Description | Indicates that properties with multiple values should display the values all on one line separated by tabs instead of providing each value on a separate line |
Validate an access token
oauth2-request validate-token \
    --token MD2AAQGBBnNJbmh1UYIw1zwVaHF128hKJk1VgQYkNCX9fkShvpbTthuRY6b7WsSoLnCmguhud8Sh4B1jFBE1
--clientID {client_id}
Description | The client ID of the application requesting access to a resource |
Required | No |
Multi-Valued | No |
--token {token}
Description | The access token to be validated |
Required | No |
Multi-Valued | No |
--tokenFile {path}
Description | The path to a file containing the access token to be validated |
Required | No |
Multi-Valued | No |
--idToken {idToken}
Description | The ID token to be validated |
Required | No |
Multi-Valued | No |
--idTokenFile {path}
Description | The path to a file containing the ID token to be validated |
Required | No |
Multi-Valued | No |
--tab-delimited
Description | Indicates that properties with multiple values should display the values all on one line separated by tabs instead of providing each value on a separate line |
-V
--version
Description | Display Identity Broker version information |
-H
--help
Description | Display general usage information |
--help-debug
Description | Display help for using debug options |
Advanced | Yes |
-h {host}
--hostname {host}
Description | Identity Broker hostname or IP address |
Default Value | localhost |
Required | No |
Multi-Valued | No |
-p {port}
--httpPort {port}
Description | Identity Broker HTTP/S port number [Default: from the local Identity Broker configuration] |
Required | No |
Multi-Valued | No |
-Z
--useSSL
Description | Use SSL for secure communication with the server [Default: from the local Identity Broker configuration] |
-X
--trustAll
Description | Trust all server SSL certificates |
-P {trustStorePath}
--trustStorePath {trustStorePath}
Description | Certificate trust store path |
Required | No |
Multi-Valued | No |
--propertiesFilePath {propertiesFilePath}
Description | Path to the file that contains default property values used for command-line arguments |
Required | No |
Multi-Valued | No |
--noPropertiesFile
Description | Specify that no properties file will be used to get default command-line argument values |
-n
--no-prompt
Description | Use non-interactive mode. If data in the command is missing, you will not be prompted and the tool will fail |
--script-friendly
Description | Use script-friendly mode |
--help-subcommands
Description | Display all subcommands |
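Added example (not part of the product documentation): the password-grant, refresh, validate and revoke subcommands above chained through the file options, so that token values are never displayed, with the server certificate checked against a trust store instead of --trustAll. The environment variable names, the OAUTH2_REQUEST override and the tool exiting non-zero on failure are assumptions.

```shell
# Added example. Assumed: CLIENT_ID, CLIENT_SECRET and TRUST_STORE are set by
# the caller, and the tool exits non-zero when a request fails.
umask 077   # child processes inherit this, so new token files are owner-only

# Run a subcommand over SSL against a trust store (never --trustAll).
broker() {
    "${OAUTH2_REQUEST:-oauth2-request}" "$@" --useSSL \
        --trustStorePath "${TRUST_STORE:?set TRUST_STORE}" --no-prompt
}

# Same, with the client credentials added after the subcommand name.
as_client() {
    sub=$1; shift
    broker "$sub" --clientID "${CLIENT_ID:?set CLIENT_ID}" \
        --clientSecret "${CLIENT_SECRET:?set CLIENT_SECRET}" "$@"
}

make_token_dir() { mktemp -d "${TMPDIR:-/tmp}/oauth2-tokens.XXXXXX"; }

# Password grant. $1 = token dir, $2 = owner ID, $3 = password file.
get_tokens() {
    as_client token-from-resource-owner-password \
        --ownerId "$2" --ownerPasswordFile "$3" \
        --accessTokenFile "$1/access" --refreshTokenFile "$1/refresh"
}

# Refresh into temporary names so a failed call keeps the old tokens.
refresh_tokens() {
    as_client token-refresh --sourceRefreshTokenFile "$1/refresh" \
        --accessTokenFile "$1/access.new" --refreshTokenFile "$1/refresh.new" &&
    mv "$1/access.new" "$1/access" &&
    { [ ! -s "$1/refresh.new" ] || mv "$1/refresh.new" "$1/refresh"; }
}

validate_token() { broker validate-token --tokenFile "$1/access"; }

# Revoke both tokens; delete a file only once its token is revoked, so a
# failed revocation leaves the token available for a retry.
revoke_and_clean() {
    rc=0
    for f in refresh access; do
        [ -s "$1/$f" ] || continue
        if as_client revoke-token --tokenFile "$1/$f"; then rm -f "$1/$f"
        else rc=1; fi
    done
    [ "$rc" -ne 0 ] || rm -rf "$1"
    return "$rc"
}
```

The reference above lists no file variant for --clientSecret, so that value still travels on the command line, where other local users can read it from the process list while the tool runs.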