Directory Services 7.3.5

HTTP OAuth2 File Based Authorization Mechanism

The HTTP OAuth2 File Based Authorization Mechanism defines OAuth2 authorization through file-based access-token resolution. For test purposes only: this mechanism looks up JSON access-token files under the specified path.

Parent

The HTTP OAuth2 File Based Authorization Mechanism object inherits from HTTP OAuth2 Authorization Mechanism.

HTTP OAuth2 File Based Authorization Mechanism properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic Properties

access-token-cache-enabled
access-token-cache-expiration
access-token-directory
authzid-json-pointer
enabled
identity-mapper
required-scope

Advanced Properties

java-class

Basic properties

Use the --advanced option to access advanced properties.

access-token-cache-enabled

Synopsis

Indicates whether the HTTP OAuth2 Authorization Mechanism is enabled for use.

Default value

false

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

access-token-cache-expiration

Synopsis

Token cache expiration

Default value

None

Allowed values

Lower limit: 0 seconds.

Upper limit: 2147483647 seconds.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

access-token-directory

Synopsis

Directory containing token files. File names must be equal to the token strings. The file content must be a JSON object with the following attributes: 'scope', 'expireTime' and all the field(s) needed to resolve the authzIdTemplate.

Default value

oauth2-demo/

Allowed values

A string.

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

authzid-json-pointer

Synopsis

Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document.

Default value

None

Allowed values

A string.

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

enabled

Synopsis

Indicates whether the HTTP Authorization Mechanism is enabled.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

identity-mapper

Synopsis

Specifies the name of the identity mapper(s) to use in conjunction with the authzid-json-pointer to get the user corresponding to the access-token.

Default value

None

Allowed values

The name of an existing identity-mapper.

The referenced identity mapper(s) must be enabled when the HTTP OAuth2 Authorization Mechanism is enabled.

Multi-valued

Yes

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

required-scope

Synopsis

Scopes required to grant access to the service.

Default value

None

Allowed values

A string.

Multi-valued

Yes

Required

Yes

Admin action required

None

Advanced

No

Read-only

No
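
The token-file lookup described by access-token-directory, authzid-json-pointer and required-scope, modelled in Python as an added example; it is not the server's code. It assumes 'expireTime' is epoch milliseconds and 'scope' is a JSON array of strings; the token names, the uid field and the file-name check are constructed for illustration.

```python
import json, os, tempfile, time

def resolve_pointer(doc, pointer):
    """Minimal RFC 6901 JSON Pointer lookup; raises KeyError/IndexError if absent."""
    if pointer == "":
        return doc
    if not pointer.startswith("/"):
        raise ValueError("JSON pointer must start with '/'")
    for part in pointer[1:].split("/"):
        part = part.replace("~1", "/").replace("~0", "~")
        doc = doc[int(part)] if isinstance(doc, list) else doc[part]
    return doc

def authorize(token, token_dir, required_scopes, authzid_pointer, now_ms=None):
    """Return the authorization ID for a token, or None if it must be rejected."""
    # The token is used as a file name, so refuse anything that is not a plain name.
    if not token or token in (".", "..") or os.path.basename(token) != token:
        return None
    try:
        with open(os.path.join(token_dir, token), encoding="utf-8") as f:
            doc = json.load(f)
    except (OSError, ValueError):
        return None  # unknown token or malformed file
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    # Assumption: 'expireTime' is epoch milliseconds, 'scope' a JSON array of strings.
    try:
        if doc["expireTime"] <= now_ms:
            return None
        if not set(required_scopes) <= set(doc["scope"]):
            return None
        return resolve_pointer(doc, authzid_pointer)
    except (KeyError, IndexError, TypeError, ValueError):
        return None

def demo():
    """Build a constructed token directory and resolve sample tokens against it."""
    with tempfile.TemporaryDirectory() as d:
        samples = {  # constructed sample tokens, not real credentials
            "token-valid": {"scope": ["read", "uid"], "expireTime": 2000, "uid": "bjensen"},
            "token-expired": {"scope": ["read", "uid"], "expireTime": 500, "uid": "bjensen"},
            "token-noscope": {"scope": ["read"], "expireTime": 2000, "uid": "bjensen"},
        }
        for name, body in samples.items():
            with open(os.path.join(d, name), "w", encoding="utf-8") as f:
                json.dump(body, f)
        tokens = list(samples) + ["token-unknown", "../token-valid"]
        return {t: authorize(t, d, ["read", "uid"], "/uid", now_ms=1000) for t in tokens}

if __name__ == "__main__":
    print(demo())
```

Because every file name in the directory is itself a valid bearer token, read access to that directory is equivalent to holding all of the tokens in it.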

Advanced properties

Use the --advanced option to access advanced properties.

java-class

Synopsis

Specifies the fully-qualified name of the Java class that provides the HTTP OAuth2 File Based Authorization Mechanism implementation.

Default value

org.opends.server.protocols.http.authz.HttpOAuth2FileAuthorizationMechanism

Allowed values

A Java class that extends or implements:

  • org.opends.server.protocols.http.authz.HttpAuthorizationMechanism

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

Yes

Read-only

No