Creating and updating an OAuth profile by using REST Administration APIs

System administrators can use the Eclipse Amlen REST API PUT method to copy a key file to Eclipse Amlen for use in an OAuth profile, and the Eclipse Amlen REST API POST method to create an OAuth profile or to update an existing one.

You can create or update an OAuth profile by using REST Administration APIs, or by using the Amlen WebUI. For more information about using the Amlen WebUI to create an OAuth profile, see Configuring OAuth profiles by using the Amlen WebUI.

  1. Optional: Import a key file to use to secure the connection to the authorization server by using the Eclipse Amlen REST API PUT method with the following Eclipse Amlen file URI:

    http://<admin-endpoint-IP:Port>/ima/v1/file/<filename>

    The certificate is copied to /var/lib/amlen-server/userfiles

  2. To create or update an OAuth profile, use the Eclipse Amlen REST API POST method with the following Eclipse Amlen configuration URI:

    http://<admin-endpoint-IP:Port>/ima/v1/configuration/

  3. Provide OAuthProfile object configuration data in the payload of the POST method by using the following schema. Content-type is set to application/json. Ensure that capitalization and double quotation marks are used as shown.

    {
      "OAuthProfile": {
        "<NameOfOAuthProfile>": {
          "ResourceURL": "string",
          "KeyFileName": "string",
          "AuthKey": "string",
          "UserInfoURL": "string",
          "UserInfoKey": "string",
          "GroupInfoKey": "string",
          "TokenSendMethod": "URLParam" (default)|"HTTPHeader",
          "Overwrite": true|false
        }
      }
    }

    Where:

    NameOfOAuthProfile
    Required. Specifies a name for the OAuth profile. The name can be a maximum of 256 alphanumeric characters. The first character must not be a number. After the profile is created, this name cannot be changed.

    ResourceURL
    Required if you are creating an OAuth profile. Specifies the authorization server URL that is used to validate the access token. The URL must include the protocol. The protocol can be either http or https.

    KeyFileName
    Specifies the name of the key file (certificate for the OAuth Server) to use with this OAuth profile. The file must exist on Eclipse Amlen in the following path: /var/messagesight/data/certificates/OAuth/. The name can be a maximum of 255 alphanumeric characters. The first character must not be a number.

    CheckServerCert
    Available in version 5.0.0.2 and later releases. Possible options are as follows:
      TrustStore: When connecting to the LDAP server, the certificate that is presented by the server is checked using the certificate that is uploaded to the product trust store.
      PublicTrust: The certificate that is presented by the LDAP server is checked against the public certificates that are installed as part of the operating system.
      DisableVerify: No certificate verification is performed when connecting to the LDAP server. This is an insecure option that is designed for testing purposes only.

    AuthKey
    Specifies the name of the key that is used to store the access token. The default value is access_token.

    UserInfoURL
    Specifies the authorization server URL that is used to retrieve the user information. The URL must include the protocol. The protocol can be either http or https.

    UserInfoKey
    Specifies the name of the key that is used to store the user information. The name must not have leading or trailing spaces and cannot contain control characters, commas, double quotation marks, backslashes, or equal signs.

    GroupInfoKey
    Specifies the name of the key that is used to retrieve the group information. The name must not have leading or trailing spaces and cannot contain control characters, commas, double quotation marks, backslashes, or equal signs. If this parameter is specified, Eclipse Amlen does not retrieve group information from any other source.

    TokenSendMethod
    Specifies how an access token is included in the request to a Resource URL: either as a parameter in the URL (the default) or as an HTTP Header in the request. The AuthKey setting determines the name of the URL parameter or the HTTP Header.

    Overwrite: true|false
    Specifies whether an existing certificate and key are overwritten if they have the same name. The default value is false, which means that an existing certificate and key are not overwritten if they have the same name.

    You can check that the configuration of your OAuth profile is as expected by using the Eclipse Amlen REST Administration API GET method. For more information about the GET method, see Viewing configuration details of objects that can be named by using REST Administration APIs.

The following example shows the creation of an OAuth profile named MyOAuthProfile by using cURL:

curl -X POST \
   -H 'Content-Type: application/json' \
   -d '{
         "OAuthProfile": {
           "MyOAuthProfile": {
             "ResourceURL": "http://myOAuthexample.com/home.jsp"
           }
         }
       }' \
   http://127.0.0.1:9089/ima/v1/configuration/

The following shows an example response to the POST method.

{        
  "Version": "v1",
  "Code": "CWLNA6011",
  "Message": "The requested configuration change has completed successfully."
}
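
The parameter rules listed in step 3 can be checked before the POST is sent. The following Python is an added example, not part of the Eclipse Amlen documentation or code base: `check_profile` and `build_payload` are hypothetical helper names, `auth.example.test` is a constructed host, and the warnings (plain http, token in the URL, DisableVerify) are review judgments added here on top of the documented rules.

```python
import json
import re
from urllib.parse import urlsplit

# Characters the page forbids in UserInfoKey and GroupInfoKey.
BAD_KEY_CHARS = re.compile(r'[\x00-\x1f\x7f,"\\=]')
CERT_MODES = ("TrustStore", "PublicTrust", "DisableVerify")

def check_profile(name, cfg, creating=True):
    """Return (errors, warnings) for one OAuthProfile entry."""
    errors, warnings = [], []
    # Character set is not enforced: the page does not define "alphanumeric" exactly.
    if not name or len(name) > 256 or name[0].isdigit():
        errors.append("name: 1-256 characters, first must not be a number")
    if creating and "ResourceURL" not in cfg:
        errors.append("ResourceURL: required when creating a profile")
    for field in ("ResourceURL", "UserInfoURL"):
        if field in cfg:
            scheme = urlsplit(cfg[field]).scheme.lower()
            if scheme not in ("http", "https"):
                errors.append(f"{field}: must start with http or https")
            elif scheme == "http":
                warnings.append(f"{field}: http sends the token unencrypted")
    for field in ("UserInfoKey", "GroupInfoKey"):
        value = cfg.get(field)
        if value is not None and (value != value.strip() or BAD_KEY_CHARS.search(value)):
            errors.append(f"{field}: forbidden space or character")
    method = cfg.get("TokenSendMethod", "URLParam")  # URLParam is the default
    if method not in ("URLParam", "HTTPHeader"):
        errors.append("TokenSendMethod: must be URLParam or HTTPHeader")
    elif method == "URLParam":
        warnings.append("TokenSendMethod: token in URL can end up in logs")
    mode = cfg.get("CheckServerCert")
    if mode is not None and mode not in CERT_MODES:
        errors.append("CheckServerCert: unknown value")
    elif mode == "DisableVerify":
        warnings.append("CheckServerCert: DisableVerify is for testing only")
    return errors, warnings

def build_payload(name, cfg):
    """Serialize the POST body, refusing configurations with errors."""
    errors, _ = check_profile(name, cfg)
    if errors:
        raise ValueError("; ".join(errors))
    return json.dumps({"OAuthProfile": {name: cfg}}, indent=2)

# Constructed samples: the page's own example, and a stricter variant.
PAGE_EXAMPLE = {"ResourceURL": "http://myOAuthexample.com/home.jsp"}
STRICTER = {"ResourceURL": "https://auth.example.test/validate",
            "TokenSendMethod": "HTTPHeader", "CheckServerCert": "TrustStore"}
```

The string returned by `build_payload` can be passed to the `-d` option of the cURL command shown above.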