How do I check that an OAuth 2.0 client can connect to AM (All versions)?
The purpose of this article is to provide information on checking that an OAuth 2.0 client or OIDC client can connect to AM. The results of the connectivity check serve various purposes, including validating that the credentials are correct and verifying that the client can authenticate to AM for determining access.
Checking that an OAuth 2.0 client can connect
Note
For the OAuth 2.0 client to be able to authenticate, agent must be listed as an Identity Type (Realms > [Realm Name] > Authentication > Settings > General > Identity Types). It is included by default, but if it is missing, you will see the following response:
{ "code": 401, "reason": "Unauthorized", "message": "User Requires Profile to Login" }
If you see this response, re-add agent as an Identity Type.
The following check validates the client credentials to prove that the client can connect to AM, but does not create a session; it simply validates the OAuth 2.0 client and client secret. This method may be preferable to the alternative for testing, which involves generating an OAuth 2.0 token and then revoking it.
You can validate the client credentials using a REST call similar to this (the URL is quoted so that the shell does not interpret the & characters in the query string):
$ curl -X POST -H "X-OpenAM-Username: myOAuth2Client" -H "X-OpenAM-Password: clientPassword" -H "Content-Type: application/json" -H "Accept-API-Version: resource=2.1" "https://am.example.com:8443/am/json/realms/root/authenticate?realm=/&noSession=true&authIndexType=module&authIndexValue=Application"
Responses:
- A successful response will look similar to this, where a session token is not created because of the noSession parameter: {"message":"Authentication Successful","successUrl":"/am/console","realm":"/"}
- Whereas an unsuccessful response is similar to this: {"code":401,"reason":"Unauthorized","message":"Authentication Failed"}
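The check above can be scripted so that each response the article lists maps to a distinct outcome. This is an added example, not code from the original article: the function names and the AM_URL and AM_CLIENT_SECRET variables are hypothetical, the tokenId field (which AM returns when a session is created) does not appear in the article, and reading headers from stdin with -H @- assumes curl 7.55.0 or later.

```shell
#!/bin/sh
# Added example: classify AM /authenticate responses for an OAuth 2.0 client check.
# AM_URL and AM_CLIENT_SECRET are hypothetical variable names (assumptions).
AM_URL="${AM_URL:-https://am.example.com:8443/am}"

# Map a response body to one of the outcomes described in the article.
classify_am_response() {
  case "$1" in
    # A tokenId means a session was created, i.e. noSession=true did not reach AM
    # (for example because the URL was not quoted and the shell split it at '&').
    *'"tokenId"'*)                      echo "session_created" ;;
    *'Authentication Successful'*)      echo "ok" ;;
    *'User Requires Profile to Login'*) echo "identity_type_missing" ;;
    *'Authentication Failed'*)          echo "bad_credentials" ;;
    *)                                  echo "unknown" ;;
  esac
}

# Live check: $1 is the client ID; the secret comes from the environment and is
# sent to curl on stdin so that it never appears in the process argument list.
check_client() {
  body=$(printf 'X-OpenAM-Username: %s\nX-OpenAM-Password: %s\n' \
           "$1" "$AM_CLIENT_SECRET" |
         curl -sS -X POST -H @- \
           -H "Content-Type: application/json" \
           -H "Accept-API-Version: resource=2.1" \
           "$AM_URL/json/realms/root/authenticate?realm=/&noSession=true&authIndexType=module&authIndexValue=Application") \
    || { echo "unreachable"; return 0; }
  classify_am_response "$body"
}

# Offline demo over the response bodies quoted in the article.
for sample in \
  '{"message":"Authentication Successful","successUrl":"/am/console","realm":"/"}' \
  '{"code":401,"reason":"Unauthorized","message":"Authentication Failed"}' \
  '{ "code": 401, "reason": "Unauthorized", "message": "User Requires Profile to Login" }'
do
  printf '%s\n' "$(classify_am_response "$sample")"
done
```

For a live check, export AM_CLIENT_SECRET and call check_client myOAuth2Client; a session_created result means the noSession parameter was lost before the request reached AM.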
See Also
How do I check if AM (All versions) is up and running?
How do I check that an Agent (All versions) can connect to AM?