Create or update an OAuth profile

Purpose

Creates or updates an OAuth profile. An OAuth profile defines the key files and URLs to use for open authorization.

URI

Use the Eclipse Amlen REST API POST method with the following Eclipse Amlen configuration URI:

http://<admin-endpoint-IP:Port>/ima/v1/configuration/

Object configuration data

Provide OAuthProfile object configuration data in the payload of the POST method by using the following schema. Content-type is set to application/json:


{    
  "OAuthProfile": {
    "<NameOfOAuthProfile>": {
      "ResourceURL": "string",
      "KeyFileName": "string",
      "AuthKey": "string",
      "UserInfoURL": "string",
      "UserInfoKey": "string", 
      "GroupInfoKey": "string",          
      "Overwrite": true|false
     }
   }
}

Where:

NameOfOAuthProfile: Required.; Specifies a name for the OAuth profile.; The name can be a maximum of 256 alphanumeric characters. The first character must not be a number.; After the profile is created, this name cannot be changed.
ResourceURL: Required if you are creating an OAuth profile.; Specifies the authorization server URL that is used to validate the access token.; The URL must include the protocol. The protocol can be either http or https.
KeyFileName: Specifies the name of the SSL certificate file to use with this OAuth profile. The file must exist on Eclipse Amlen.; The name can be a maximum of 255 alphanumeric characters. The first character must not be a number.
AuthKey: Specifies the name of the key that is used to store the access token.; The default value is access_token.
UserInfoURL: Specifies the authorization server URL that is used to retrieve the user information.; The URL must include the protocol. The protocol can be either http or https.
UserInfoKey: Specifies the name of the key that is used to store the user information.; The name must not have leading or trailing spaces and cannot contain control characters, commas, double quotation marks, backslashes, or equal signs.
GroupInfoKey: Specifies the name of the key that is used to retrieve the group information.; The name must not have leading or trailing spaces and cannot contain control characters, commas, double quotation marks, backslashes, or equal signs.; If this parameter is specified, Eclipse Amlen does not retrieve group information from any other source.
Overwrite: true|false: Specifies whether an existing certificate and key are overwritten if they have the same name.; The default value is false which means that an existing certificate and key are not overwritten if they have the same name.

Usage Notes®

The OAuth key file must be copied to Eclipse Amlen before it can be used in an OAuth profile. Copy a file from the local machine to Eclipse Amlen to copy the OAuth key file.
After you create the OAuth profile, you must associate it with a security profile.
The SSL certificate must have both private and public keys.
Depending on the configuration of the OAuth authorization server, the value of ResourceURL and UserInfoURL can be the same.
Capitalization and double quotation marks must be used as shown.

Related REST Administration APIs

Example

Creates an OAuth profile called "MyOAuthProfile" by using cURL:


curl -X POST \
   -H 'Content-Type: application/json'  \
   -d  '{ 
         "OAuthProfile": {   
           "MyOAuthProfile": {
             "ResourceURL": "http://myOAuthexample.com/home.jsp"                         
          }
        }
    }
 '  \
http://127.0.0.1:9089/ima/v1/configuration/

An example response to the POST method:


{        
  "Version": "v1",
  "Code": "CWLNA6011",
  "Message": "The requested configuration change has completed successfully."
}