Checking that an OAuth 2.0 client can connect

The following check validates the client credentials to prove that the client can connect to AM/OpenAM but does not create a session, this is done by simply validating the OAuth2 client and client secret. This method may be preferable to the alternative for testing, which involves generating an access token and then revoking it.

You can validate the client credentials using a REST call similar to this:

• AM 5 and later:

  $ curl -X POST -H "X-OpenAM-Username: myOAuth2Client" -H "X-OpenAM-Password: clientPassword" -H "Content-Type: application/json" -H "Accept-API-Version: resource=2.1" http://host1.example.com:8080/openam/json/realms/root/authenticate?realm=/&noSession=true&authIndexType=module&authIndexValue=Application
  

• Pre-AM 5:

  $ curl -X POST -H "X-OpenAM-Username: myOAuth2Client" -H "X-OpenAM-Password: clientPassword" -H "Content-Type: application/json" 
  http://host1.example.com:8080/openam/json/authenticate?realm=/&noSession=true&authIndexType=module&authIndexValue=Application
  

A successful response will look similar to this, where a session token is not created because of the noSession parameter:

{"message":"Authentication Successful","successUrl":"/openam/console","realm":"/"

Whereas an unsuccessful response is similar to this:

{"code":401,"reason":"Unauthorized","message":"Authentication Failed"}

See Also

How do I check if AM/OpenAM (All versions) is up and running?

How do I check that a Policy Agent (All versions) can connect to AM/OpenAM?

OAuth 2.0 in AM/OpenAM

OAuth 2.0 Guide

Related Training

N/A

Related Issue Tracker IDs

N/A