Stage 1 | Configure OAuth settings. During this stage, you configure the OAuth settings on Integration Server. Integration Server is configured to use certain OAuth settings by default. For information about configuring these settings to reflect those for your system, see Configuring OAuth Settings. Note: This stage primarily applies to an Integration Server being used as an authorization server. However, if the Integration Server is acting as the resource server, you must use the Authorization server field on the Security> OAuth > Edit OAuth Global Settings page to identify the authorization server for the resource server. |
Stage 2 | Define clients. During this stage, you define the clients that are authorized to access the authorization server and specify which grant types they can use. For information about registering, modifying, and deleting clients, see Defining Clients. When using Integration Server as the authorization server, the Integration Server and the resource server need to have the same resource owners. This requirement does not apply when using an external authorization server or if all of your clients will use the client credentials grant type. If you are using Integration Servers for the authorization and resource servers, you can define the client_id values on one Integration Server and then deploy the values to the other Integration Server. For clients that use the client credentials grant, the user accounts associated with the clients need to be on the authorization server and the resource server. |
Stage 3 | Define scopes. During this stage, you define the scopes available for the clients to access. For information about adding, modifying, and deleting scopes, see Defining Scopes. Your authorization server and resource server must have the same scope names. You can define the scope names on each server. Or, if you are using Integration Servers for the authorization and resource servers, you can define the scopes on one Integration Server and then deploy the values to the other Integration Server. |
Stage 4 | Associate scopes to clients and vice versa. During this stage, you associate scopes to clients. When you associate scopes and clients, you authorize the scopes that each client can access. For information about adding, removing, and viewing the associations between scopes and clients, see
Associating Scopes and Clients. Note: This stage applies to an Integration Server being used as an authorization server only. You do not need to complete this stage for an Integration Server being used as a resource server. |
Stage 5 | If you want to prevent specific client applications from accessing resources after the authorization server has granted an access token, you can do either of the following: On the authorization server, delete the active access and refresh tokens granted for that client application. For information about viewing and deleting tokens, see Managing Tokens. On the resource server, disable the client application. For information about disabling client applications, see Enabling and Disabling Clients. |