webMethods 10.2 | Integration Server Administrator's Guide | Configuring OAuth | Configuring Integration Server for OAuth
 
Configuring Integration Server for OAuth
 
Configuring OAuth Settings
Defining Clients
Defining Scopes
Associating Scopes and Clients
Viewing and Deleting Tokens
Customizing the Approval Page
Before you can begin to use OAuth in your Integration Server environment, you need to specify settings for the authorization server and/or resource server, depending on which role the Integration Server plays in you OAuth solution. When the authorization server and resource server are configured, you can start registering clients and managing your OAuth scopes.
Configuring OAuth consists of the following basic stages:
Stage 1
Configure OAuth settings.
During this stage, you configure the OAuth settings on Integration Server. Integration Server is configured to use certain OAuth settings by default. For information about configuring these settings to reflect those for your system, see Configuring OAuth Settings.
Note: This stage primarily applies to an Integration Server being used as an authorization server. However, if the Integration Server is acting as the resource server, you must use the Authorization server field on the Security> OAuth > Edit OAuth Global Settings page to identify the authorization server for the resource server.
Stage 2
Define clients.
During this stage, you define the clients that are authorized to access the authorization server. For information about registering, modifying, and deleting clients, see Defining Clients.
Your authorization server and resource server must have the same client_id values. If you are using Integration Servers for the authorization and resource servers, you can define the client_id values on one Integration Server and then deploy the values to the other Integration Server.
Stage 3
Define scopes.
During this stage, you define the scopes available for the clients to access. For information about adding, modifying, and deleting scopes, see Defining Scopes.
Your authorization server and resource server must have the same scope names. You can define the scope names on each server. Or, f you are using Integration Servers for the authorization and resource servers, you can define the scopes on one Integration Server and then deploy the values to the other Integration Server.
Stage 4
Associate scopes to clients and vice versa.
During this stage, you associate scopes to clients and vice versa. When you associate scopes and clients, you authorize the scopes that each client can access. For information about adding, removing, and viewing the associations between scopes and clients, see Associating Scopes and Clients.
Note: This stage applies to an Integration Server being used as an authorization server only. You do not need to complete this stage for an Integration Server being used as a resource server.
Stage 5
If you want to keep specific client applications from accessing resources after the authorization server has granted an access token, you can do either of the following:
*On the authorization server, delete the active access and refresh tokens granted for that client application. For information about viewing and deleting tokens, see Viewing and Deleting Tokens.
*On the resource server, disable the client application. For information about disabling client applications, see Enabling and Disabling Clients.

Copyright © 2017-2018 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.
Innovation Release