HTTP OAuth2 Token Introspection (RFC 7662) Authorization Mechanism
The HTTP OAuth2 Token Introspection (RFC 7662) Authorization Mechanism defines OAuth2 authorization using an authorization server that complies with token introspection (RFC 7662).
Dependencies
HTTP OAuth2 Token Introspection (RFC 7662) Authorization Mechanisms depend on the following objects:
Properties
Use the --advanced option to access advanced properties.
Basic Properties
Advanced Properties
Basic Properties
access-token-cache-enabled
Synopsis | Indicates whether the HTTP OAuth2 Authorization Mechanism is enabled for use. |
Default Value | false |
Allowed Values | true false |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
access-token-cache-expiration
Synopsis | Token cache expiration |
Default Value | None |
Allowed Values | A duration. Lower limit: 0 seconds. Upper limit: 2147483647 seconds. |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
authzid-json-pointer
Synopsis | Specifies the JSON pointer to the value to use as the Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) |
Default Value | None |
Allowed Values | A string. |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
client-id
Synopsis | Client's ID to use during the HTTP basic authentication against the authorization server. |
Default Value | None |
Allowed Values | A string. |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
client-secret
Synopsis | Client's secret to use during the HTTP basic authentication against the authorization server. |
Default Value | None |
Allowed Values | A string. |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
enabled
Synopsis | Indicates whether the HTTP Authorization Mechanism is enabled. |
Default Value | None |
Allowed Values | true false |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
identity-mapper
Synopsis | Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the access-token. |
Default Value | None |
Allowed Values | The name of an existing Identity Mapper. The referenced identity mapper must be enabled when the HTTP OAuth2 Authorization Mechanism is enabled. |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
key-manager-provider
Synopsis | Specifies the name of the key manager that should be used with this HTTP OAuth2 Token Introspection (RFC 7662) Authorization Mechanism. |
Default Value | None |
Allowed Values | The name of an existing Key Manager Provider. The referenced key manager provider must be enabled. |
Multi-valued | No |
Required | No |
Admin Action Required | None. Changes to this property take effect immediately, but only for subsequent requests to the authorization server. |
Advanced | No |
Read-Only | No |
required-scope
Synopsis | Scopes required to grant access to the service. |
Default Value | None |
Allowed Values | A string. |
Multi-valued | Yes |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
token-introspection-url
Synopsis | Defines the token introspection endpoint URL where the access-token resolution request should be sent. (example: http://example.com/introspect) |
Default Value | None |
Allowed Values | A string. |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
trust-manager-provider
Synopsis | Specifies the name of the trust manager that should be used when negotiating SSL connections with the remote authorization server. |
Default Value | By default, no trust manager is specified, indicating that only certificates signed by the authorities associated with this JVM will be accepted. |
Allowed Values | The name of an existing Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled. |
Multi-valued | No |
Required | No |
Admin Action Required | None. Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations. |
Advanced | No |
Read-Only | No |
Advanced Properties
java-class
Synopsis | Specifies the fully-qualified name of the Java class that provides the HTTP OAuth2 Token Introspection (RFC 7662) Authorization Mechanism implementation. |
Default Value | org.opends.server.protocols.http.authz.HttpOAuth2TokenIntrospectionAuthorizationMechanism |
Allowed Values | A Java class that extends or implements: org.opends.server.protocols.http.authz.HttpAuthorizationMechanism |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | Yes |
Read-Only | No |
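The check that the basic properties above configure, sketched as an added example (it is not the server's own implementation or code from this page): the client authenticates to the token-introspection-url with HTTP Basic, and the RFC 7662 response must be active, carry the required-scope values and yield a string at authzid-json-pointer. The hostname, credentials and sample inputs are constructed, and treating required-scope as "all values must be granted" is an assumption.

```python
import base64
import json
from urllib.parse import urlencode

# Constructed settings, keyed by the property names documented on this page.
CONFIG = {
    "token-introspection-url": "https://as.example.com/introspect",  # HTTPS: the secret and token travel in the request
    "client-id": "ds-client",
    "client-secret": "constructed-secret",
    "required-scope": ["read", "write"],
    "authzid-json-pointer": "/uid",
}

def build_introspection_request(config, access_token):
    """Return (url, headers, body) for the RFC 7662 POST using HTTP Basic client authentication."""
    creds = f"{config['client-id']}:{config['client-secret']}".encode()
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return config["token-introspection-url"], headers, urlencode({"token": access_token})

def resolve_pointer(doc, pointer):
    """Resolve an RFC 6901 JSON pointer; raises if the path does not exist."""
    if pointer and not pointer.startswith("/"):
        raise ValueError("JSON pointer must be empty or start with '/'")
    for raw in pointer.split("/")[1:]:
        key = raw.replace("~1", "/").replace("~0", "~")
        doc = doc[int(key)] if isinstance(doc, list) else doc[key]
    return doc

def authorize(config, response_body):
    """Return the authorization ID from an introspection response, or None to deny."""
    try:
        doc = json.loads(response_body)
    except ValueError:
        return None
    # RFC 7662: "active" is a required boolean; anything but true means reject.
    if not isinstance(doc, dict) or doc.get("active") is not True:
        return None
    # RFC 7662: "scope" is one space-separated string. Assumption: every required-scope value must be granted.
    if not set(config["required-scope"]) <= set(str(doc.get("scope", "")).split()):
        return None
    try:
        authzid = resolve_pointer(doc, config["authzid-json-pointer"])
    except (KeyError, IndexError, ValueError, TypeError):
        return None
    # Deny when the pointer resolves to null, an object or an empty value.
    return authzid if isinstance(authzid, str) and authzid else None
```

Every failure path returns None, so a malformed response, an inactive token, a missing scope or an unresolvable pointer all deny rather than fall through to a default identity.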