OpenDJ Server - HTTP Oauth2 File Authorization Mechanism

HTTP Oauth2 File Authorization Mechanism

The HTTP Oauth2 File Authorization Mechanism defines OAuth2 authorization through file-based access-token resolution. It is for test purposes only: the mechanism looks up JSON access-token files under the specified path.

Parent Component

The HTTP Oauth2 File Authorization Mechanism component inherits from the HTTP Oauth2 Authorization Mechanism.

Properties

A description of each property follows.


Basic Properties:
↓ access-token-cache-enabled
↓ access-token-cache-expiration
↓ access-token-directory
↓ authzid-json-pointer
↓ enabled
↓ identity-mapper
↓ required-scope

Advanced Properties:
↓ java-class

Basic Properties

access-token-cache-enabled

Description
Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use.
Default Value
false
Allowed Values
true
false
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

access-token-cache-expiration

Description
Token cache expiration
Default Value
None
Allowed Values
A duration Syntax. Lower limit is 0 seconds. Upper limit is 2147483647 seconds.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No

access-token-directory

Description
Directory containing token files. File names must be equal to the token strings. The file content must be a JSON object with the following attributes: 'scope', 'expireTime' and all the field(s) needed to resolve the authzIdTemplate.
Default Value
oauth2-demo/
Allowed Values
A String
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

authzid-json-pointer

Description
Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid)
Default Value
None
Allowed Values
A String
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

enabled

Description
Indicates whether the HTTP Authorization Mechanism is enabled.
Default Value
None
Allowed Values
true
false
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

identity-mapper

Description
Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the access-token.
Default Value
None
Allowed Values
The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled.
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

required-scope

Description
Scopes required to grant access to the service.
Default Value
None
Allowed Values
A String
Multi-valued
Yes
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No
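
An added example, not part of the OpenDJ documentation or code: a Python lint for the access-token-directory that checks each token file against the rules described above (content is a JSON object, 'scope' covers every required-scope value, authzid-json-pointer resolves to a value). It assumes 'scope' is a JSON array or a space-delimited string and 'expireTime' is an epoch timestamp in milliseconds that must lie in the future, none of which this page specifies; the function names are illustrative.

```python
import json
import os
import time


def resolve_pointer(doc, pointer):
    """Apply a JSON pointer (for example /uid) to parsed JSON; None if it does not resolve."""
    try:
        for raw in pointer.split("/")[1:]:
            key = raw.replace("~1", "/").replace("~0", "~")
            doc = doc[int(key)] if isinstance(doc, list) and key.isdigit() else doc[key]
    except (KeyError, IndexError, ValueError, TypeError):
        return None
    return doc


def check_token(doc, pointer, required, now_ms):
    """Return the problems that make one token document unusable (empty list = usable)."""
    if not isinstance(doc, dict):
        return ["content is not a JSON object"]
    # Assumption: 'scope' is a JSON array of strings or a space-delimited string.
    scope = doc.get("scope")
    scope = scope.split() if isinstance(scope, str) else scope
    granted = {s for s in scope if isinstance(s, str)} if isinstance(scope, list) else set()
    missing = sorted(set(required) - granted)
    problems = ["missing required scope(s): " + " ".join(missing)] if missing else []
    # Assumption: 'expireTime' is an epoch timestamp in milliseconds.
    exp = doc.get("expireTime")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        problems.append("missing or malformed 'expireTime'")
    elif exp <= now_ms:
        problems.append("token is expired")
    authzid = resolve_pointer(doc, pointer)
    if not isinstance(authzid, str) or not authzid:
        problems.append(pointer + " does not resolve to a non-empty string")
    return problems


def check_directory(directory, pointer, required, now_ms=None):
    """Map each token string (the file name) to its list of problems."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    report = {}
    for name in sorted(os.listdir(directory)):
        try:
            with open(os.path.join(directory, name), encoding="utf-8") as fh:
                report[name] = check_token(json.load(fh), pointer, required, now_ms)
        except (OSError, ValueError) as exc:
            report[name] = ["unreadable or not JSON: " + str(exc)]
    return report
```

Call `check_directory("oauth2-demo/", "/uid", ["read", "write"])` with the values configured for access-token-directory, authzid-json-pointer and required-scope; the scope names here are constructed samples.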


Advanced Properties

java-class

Description
Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 File Authorization Mechanism implementation.
Default Value
org.opends.server.protocols.http.authz.HttpOAuth2FileAuthorizationMechanism
Allowed Values
A Java class that implements or extends the class(es):
org.opends.server.protocols.http.authz.HttpAuthorizationMechanism
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
Yes
Read-only
No