--- title: HTTP OAuth2 File Based Authorization Mechanism description: The HTTP OAuth2 File Based Authorization Mechanism is used to define OAuth2 authorization through a file based access-token resolution. For test purpose only, this mechanism is looking up for JSON access-token files under the specified path. component: pingds version: 8 page_id: pingds:configref:objects-http-oauth2-file-authorization-mechanism canonical_url: https://docs.pingidentity.com/pingds/8/configref/objects-http-oauth2-file-authorization-mechanism.html section_ids: parent: Parent http_oauth2_file_based_authorization_mechanism_properties: HTTP OAuth2 File Based Authorization Mechanism properties basic_properties: Basic properties access-token-cache-enabled: access-token-cache-enabled access-token-cache-expiration: access-token-cache-expiration access-token-directory: access-token-directory authzid-json-pointer: authzid-json-pointer enabled: enabled identity-mapper: identity-mapper required-scope: required-scope advanced_properties: Advanced properties java-class: java-class --- # HTTP OAuth2 File Based Authorization Mechanism The HTTP OAuth2 File Based Authorization Mechanism is used to define OAuth2 authorization through a file based access-token resolution. For test purpose only, this mechanism is looking up for JSON access-token files under the specified path. ## Parent The HTTP OAuth2 File Based Authorization Mechanism object inherits from [HTTP OAuth2 Authorization Mechanism](objects-http-oauth2-authorization-mechanism.html). ## HTTP OAuth2 File Based Authorization Mechanism properties You can use configuration expressions to set property values at startup time. For details, see [Property value substitution](expressions.html). | Basic Properties | Advanced Properties | | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | | [access-token-cache-enabled](#access-token-cache-enabled) [access-token-cache-expiration](#access-token-cache-expiration) [access-token-directory](#access-token-directory) [authzid-json-pointer](#authzid-json-pointer) [enabled](#enabled) [identity-mapper](#identity-mapper) [required-scope](#required-scope) | [java-class](#java-class) | ### Basic properties Use the `--advanced` option to access advanced properties. ### access-token-cache-enabled | | | | ----------------------- | ----------------------------------------------------------------------------- | | *Synopsis* | Indicates whether the HTTP OAuth2 Authorization Mechanism is enabled for use. | | *Default value* | false | | *Allowed values* | truefalse | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### access-token-cache-expiration | | | | ----------------------- | ---------------------------------------------------------------------------------------------------- | | *Synopsis* | Token cache expiration | | *Default value* | None | | *Allowed values* | Uses [duration syntax](duration-syntax.html).Lower limit: 0 seconds.Upper limit: 2147483647 seconds. | | *Multi-valued* | No | | *Required* | No | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### access-token-directory | | | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Directory containing token files. File names must be equal to the token strings. The file content must a JSON object with the following attributes: 'scope', 'expireTime' and all the field(s) needed to resolve the authzIdTemplate. | | *Default value* | oauth2-demo/ | | *Allowed values* | A path to an existing file that is readable (and/or writeable) by the server. | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### authzid-json-pointer | | | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. | | *Default value* | None | | *Allowed values* | A string. | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### enabled | | | | ----------------------- | -------------------------------------------------------------- | | *Synopsis* | Indicates whether the HTTP Authorization Mechanism is enabled. | | *Default value* | None | | *Allowed values* | truefalse | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### identity-mapper | | | | ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Specifies the name of the identity mapper(s) to use in conjunction with the authzid-json-pointer to get the user corresponding to the access-token. | | *Default value* | None | | *Allowed values* | The name of an existing [identity-mapper](objects-identity-mapper.html).The referenced identity mapper(s) must be enabled when the HTTP OAuth2 Authorization Mechanism is enabled. | | *Multi-valued* | Yes | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### required-scope | | | | ----------------------- | ----------------------------------------------- | | *Synopsis* | Scopes required to grant access to the service. | | *Default value* | None | | *Allowed values* | A string. | | *Multi-valued* | Yes | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ## Advanced properties Use the `--advanced` option to access advanced properties. ### java-class | | | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Specifies the fully-qualified name of the Java class that provides the HTTP OAuth2 File Based Authorization Mechanism implementation. | | *Default value* | org.opends.server.protocols.http.authz.HttpOAuth2FileAuthorizationMechanism | | *Allowed values* | A Java class that extends or implements:- org.opends.server.protocols.http.authz.HttpAuthorizationMechanism | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | Yes | | *Read-only* | No |