Directory Services 7.2.5

HTTP OAuth2 Authorization Mechanism

This is an abstract object type that cannot be instantiated.

The HTTP OAuth2 Authorization Mechanism is used to define HTTP OAuth2 authorization mechanism.

HTTP OAuth2 Authorization Mechanisms

The following HTTP OAuth2 Authorization Mechanisms are available:

These HTTP OAuth2 Authorization Mechanisms inherit the properties described below.

Parent

The HTTP OAuth2 Authorization Mechanism object inherits from HTTP Authorization Mechanism.

Dependencies

HTTP OAuth2 Authorization Mechanisms depend on the following objects:

HTTP OAuth2 Authorization Mechanism properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic Properties Advanced Properties

access-token-cache-enabled
access-token-cache-expiration
authzid-json-pointer
enabled
identity-mapper
required-scope

java-class

Basic properties

Use the --advanced option to access advanced properties.

access-token-cache-enabled

Synopsis

Indicates whether the HTTP OAuth2 Authorization Mechanism is enabled for use.

Default value

false

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

access-token-cache-expiration

Synopsis

Token cache expiration

Default value

None

Allowed values

Uses duration syntax.

Lower limit: 0 seconds.

Upper limit: 2147483647 seconds.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

authzid-json-pointer

Synopsis

Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document.

Default value

None

Allowed values

A string.

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

enabled

Synopsis

Indicates whether the HTTP Authorization Mechanism is enabled.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

identity-mapper

Synopsis

Specifies the name of the identity mapper(s) to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token.

Default value

None

Allowed values

The name of an existing identity-mapper.

The referenced identity mapper(s) must be enabled when the HTTP OAuth2 Authorization Mechanism is enabled.

Multi-valued

Yes

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

required-scope

Synopsis

Scopes required to grant access to the service.

Default value

None

Allowed values

A string.

Multi-valued

Yes

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

Advanced properties

Use the --advanced option to access advanced properties.

java-class

Synopsis

Specifies the fully-qualified name of the Java class that provides the HTTP Authorization Mechanism implementation.

Default value

None

Allowed values

A Java class that extends or implements:

  • org.opends.server.protocols.http.authz.HttpAuthorizationMechanism

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

Yes

Read-only

No