--- title: HTTP OAuth2 Authorization Mechanism description: This is an abstract object type that cannot be instantiated. component: pingds version: 8 page_id: pingds:configref:objects-http-oauth2-authorization-mechanism canonical_url: https://docs.pingidentity.com/pingds/8/configref/objects-http-oauth2-authorization-mechanism.html section_ids: http_oauth2_authorization_mechanisms: HTTP OAuth2 Authorization Mechanisms parent: Parent dependencies: Dependencies http_oauth2_authorization_mechanism_properties: HTTP OAuth2 Authorization Mechanism properties basic_properties: Basic properties access-token-cache-enabled: access-token-cache-enabled access-token-cache-expiration: access-token-cache-expiration authzid-json-pointer: authzid-json-pointer enabled: enabled identity-mapper: identity-mapper required-scope: required-scope advanced_properties: Advanced properties java-class: java-class --- # HTTP OAuth2 Authorization Mechanism *This is an abstract object type that cannot be instantiated.* The HTTP OAuth2 Authorization Mechanism is used to define HTTP OAuth2 authorization mechanism. ## HTTP OAuth2 Authorization Mechanisms The following HTTP OAuth2 Authorization Mechanisms are available: * [HTTP OAuth2 CTS Authorization Mechanism](objects-http-oauth2-cts-authorization-mechanism.html) * [HTTP OAuth2 File Based Authorization Mechanism](objects-http-oauth2-file-authorization-mechanism.html) * [HTTP OAuth2 OpenAM Authorization Mechanism (LEGACY)](objects-http-oauth2-openam-authorization-mechanism.html) * [HTTP OAuth2 Token Introspection (RFC 7662) Authorization Mechanism](objects-http-oauth2-token-introspection-authorization-mechanism.html) These HTTP OAuth2 Authorization Mechanisms inherit the properties described below. ## Parent The HTTP OAuth2 Authorization Mechanism object inherits from [HTTP Authorization Mechanism](objects-http-authorization-mechanism.html). ## Dependencies HTTP OAuth2 Authorization Mechanisms depend on the following objects: * [Identity Mapper](objects-identity-mapper.html) ## HTTP OAuth2 Authorization Mechanism properties You can use configuration expressions to set property values at startup time. For details, see [Property value substitution](expressions.html). | Basic Properties | Advanced Properties | | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | | [access-token-cache-enabled](#access-token-cache-enabled) [access-token-cache-expiration](#access-token-cache-expiration) [authzid-json-pointer](#authzid-json-pointer) [enabled](#enabled) [identity-mapper](#identity-mapper) [required-scope](#required-scope) | [java-class](#java-class) | ### Basic properties Use the `--advanced` option to access advanced properties. ### access-token-cache-enabled | | | | ----------------------- | ----------------------------------------------------------------------------- | | *Synopsis* | Indicates whether the HTTP OAuth2 Authorization Mechanism is enabled for use. | | *Default value* | false | | *Allowed values* | truefalse | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### access-token-cache-expiration | | | | ----------------------- | ---------------------------------------------------------------------------------------------------- | | *Synopsis* | Token cache expiration | | *Default value* | None | | *Allowed values* | Uses [duration syntax](duration-syntax.html).Lower limit: 0 seconds.Upper limit: 2147483647 seconds. | | *Multi-valued* | No | | *Required* | No | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### authzid-json-pointer | | | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. | | *Default value* | None | | *Allowed values* | A string. | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### enabled | | | | ----------------------- | -------------------------------------------------------------- | | *Synopsis* | Indicates whether the HTTP Authorization Mechanism is enabled. | | *Default value* | None | | *Allowed values* | truefalse | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### identity-mapper | | | | ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Specifies the name of the identity mapper(s) to use in conjunction with the authzid-json-pointer to get the user corresponding to the access-token. | | *Default value* | None | | *Allowed values* | The name of an existing [identity-mapper](objects-identity-mapper.html).The referenced identity mapper(s) must be enabled when the HTTP OAuth2 Authorization Mechanism is enabled. | | *Multi-valued* | Yes | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### required-scope | | | | ----------------------- | ----------------------------------------------- | | *Synopsis* | Scopes required to grant access to the service. | | *Default value* | None | | *Allowed values* | A string. | | *Multi-valued* | Yes | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ## Advanced properties Use the `--advanced` option to access advanced properties. ### java-class | | | | ----------------------- | ------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Specifies the fully-qualified name of the Java class that provides the HTTP Authorization Mechanism implementation. | | *Default value* | None | | *Allowed values* | A Java class that extends or implements:- org.opends.server.protocols.http.authz.HttpAuthorizationMechanism | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | Yes | | *Read-only* | No |