apm policy agent aaa-oauth
apm policy agent aaa-oauth(1) BIG-IP TMSH Manual apm policy agent aaa-oauth(1)
NAME
aaa-oauth - Manages an AAA OAuth(r) agent.
MODULE
apm policy agent
SYNTAX
Configure the aaa-oauth component within the policy agent module using the following syntax.
CREATE/MODIFY
create aaa-oauth [name]
modify aaa-oauth [name]
options:
app-service [[string] | none]
auth-redirect-request [name]
grant-type [authorization-code | password]
redirection-uri [string]
response [name]
scope [[string] | none]
scope-data-request [name]
server [name]
token-refresh-request [name]
token-request [name]
type [client | scope]
validation-scopes-request [name]
DISPLAY
list aaa-oauth
list aaa-oauth [ [ [name] | [glob] | [regex] ] ... ]
show running-config aaa-oauth
show running-config aaa-oauth [ [ [name] | [glob] | [regex] ] ... ]
options:
all
all-properties
current-module
non-default-properties
one-line
app-service
partition
DELETE
delete aaa-oauth [name]
DESCRIPTION
Use this component to create, modify, display, or delete an OAuth Client or OAuth Scope agent.
EXAMPLES
create aaa-oauth MyGoogleClient { auth-redirect-request GoogleAuthRedirectRequest grant-type authorization-code scope
"https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile" server myGoogleServer
token-request GoogleTokenRequest type client validation-scopes-request GoogleValidationScopesRequest } Creates the OAuth
Client agent to acquire an access_token from Google authorization server using authorization-code grant type. Defines two
scopes. The user's permission will be requested for the scopes.
create aaa-oauth MyGoogleScope { scope-data-request { https://www.googleapis.com/auth/userinfo.profile { request
GoogleScopeUserInfoProfileRequest } } server myGoogleServer type scope validation-scopes-request
GoogleValidationScopesRequest }
Creates OAuth Scope agent to get the list of scopes associated with the access_token, and defines the scope-data-
request to retrieve more information about user identity if the access_token contains the scope
"https://www.googleapis.com/auth/userinfo.profile".
list aaa-oauth
Displays a list of OAuth agents.
delete aaa-oauth MyGoogleScope
Deletes the MyGoogleScope OAuth agent.
OPTIONS
app-service
Specifies the name of the application service to which the object belongs. The default value is none. Note: If the
strict-updates option is enabled on the application service that owns the object, you cannot modify or delete the
object. Only the application service can modify or delete the object.
auth-redirect-request
OAuth Request name to be used for user redirect in order to obtain authorization code.
grant-type
Specifies grant type that should be used to request an access_token.
redirection-uri
Specifies redirection URI. The redirection URI is used by the Authorization Server to redirect user back after
authentication. The URI is a property of client application registered at authorization server. This option is used
along with 'authorization-code' grant type only.
response
Specifies the response config object name.
scope
The list of scopes to request user's permission for.
scope-data-request
Defines OAuth Request to obtain additional information from the resource server for the specified scope, using
access_token.
server
Specifies OAuth Server that represents the authorization server to work with.
token-refresh-request
Specifies OAuth Request to refresh an expired access_token.
token-request
Specifies OAuth Request to request an access_token.
type Type of the OAuth agent. Available options are: client or scope. Default value client. The type cannot be changed for
an existing OAuth agent.
validation-scopes-request
Specifies OAuth Request to validate the access_token (when agent type is client) or to retrieve list of scopes
associated with the access_token (when agent type is scope).
SEE ALSO
tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2011-2014, 2016. All rights reserved.
BIG-IP 2018-07-12 apm policy agent aaa-oauth(1)