apm oauth oauth-client-app
apm oauth oauth-client-app(1) BIG-IP TMSH Manual apm oauth oauth-client-app(1)
NAME
oauth-client-app - Manages client applications for use with the OAuth
Authorization Server.
MODULE
apm oauth
SYNTAX
Configure the oauth-client-app component within the oauth module using
the following syntax.
CREATE/MODIFY
create oauth-client-app [name]
modify oauth-client-app [name]
options:
access-token-lifetime [integer]
app-description [[string] | none]
app-name [string]
app-service [[string] | none]
auth-code-lifetime [integer]
auth-type [none | secret | certificate]
client-cert-dn [[string] | none]
contact [[string] | none]
customization-group [[string] | none]
generate-refresh-token [true | false]
grant-code [enabled | disabled]
grant-password [enabled | disabled]
grant-token [enabled | disabled]
logo-url [[string] | none]
redirect-uris [add | delete | none | replace-all-with] {
[URI]
}
refresh-token-lifetime [integer]
refresh-token-usage-limit [integer]
regenerate-client-secret
reuse-access-token [true | false]
reuse-refresh-token [true | false]
scopes [add | delete | replace-all-with] {
[scope-name]
}
use-profile-token-mgmt-settings [true | false]
website-url [[string] | none]
edit oauth-client-app [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
DISPLAY
list oauth-client-app
list oauth-client-app [ [ [name] | [glob] | [regex] ] ... ]
show running-config oauth-client-app
show running-config oauth-client-app [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
DELETE
delete oauth-client-app [name]
DESCRIPTION
You can use the oauth-client-app component to register and manage
client applications that will make protected resource requests to the
OAuth Authorization Server on behalf of the resource owner and with its
authorization.
EXAMPLES
create oauth-client-app myClientApplication {
    app-description "Test App is an application that tests all grant types."
    app-name "Test App"
    grant-code enabled
    grant-password enabled
    grant-token enabled
    logo-url "https://abc.cloud.net/www/public/assets/images/logos/testapp.png"
    redirect-uris add { https://vm1.lab.fp.f5net.com/oauth2/f5_test.php }
    scopes add { scope1 scope2 }
    website-url "https://www.test.com"
}
Creates a client application named myClientApplication that will
use the generated client credentials to send requests to this
Authorization Server. It can send token requests using any of the
three supported grant types (authorization code, resource owner
password credentials, or implicit) and uses the default
authentication type "secret".
The Authorization Server will use the configured redirect URI to
redirect back to the client. The client application is associated
with the configured scopes named scope1 and scope2.
list oauth-client-app
Displays a list of registered client-apps.
delete oauth-client-app myClientApplication
Deletes the OAuth client application myClientApplication.
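The following Python is an added example, not part of the F5 manual or tooling: it parses client-app entries and flags the grant-type, auth-type and redirect-uris settings that deserve review before a test registration like the one above is carried into production. It assumes the brace layout shown is what tmsh list output looks like; the sample entries, host names and the function names parse_apps and audit are constructed for illustration.

```python
import re

# Constructed sample in the brace layout tmsh "list" output is assumed to use
# (not captured from a device; host names and portalApp are made up).
SAMPLE = """\
apm oauth oauth-client-app myClientApplication {
    auth-type secret
    grant-code enabled
    grant-password enabled
    grant-token enabled
    redirect-uris { http://vm1.lab.example/oauth2/cb.php }
}
apm oauth oauth-client-app portalApp {
    auth-type certificate
    grant-code enabled
    redirect-uris { https://portal.example/oauth2/callback }
}
"""

def parse_apps(text):
    """Return {app name: {option: value}} from the brace-delimited listing."""
    apps = {}
    for name, body in re.findall(r"^apm oauth oauth-client-app (\S+) \{\n(.*?)^\}", text, re.M | re.S):
        opts = {}
        for line in body.splitlines():
            key, _, value = line.strip().partition(" ")
            opts[key] = value.strip('{} "').split() if key == "redirect-uris" else value.strip('"')
        apps[name] = opts
    return apps

def audit(opts):
    """Return findings for one client application; unset options use the documented defaults."""
    findings = []
    uris = opts.get("redirect-uris", [])
    if opts.get("grant-token") == "enabled":
        findings.append("implicit grant enabled: access token is returned in the redirect")
    if opts.get("grant-password") == "enabled":
        findings.append("password grant enabled: client handles the resource owner's password")
    if opts.get("auth-type", "secret") == "none":
        findings.append("auth-type none: client is not authenticated on its requests")
    if "enabled" in (opts.get("grant-code"), opts.get("grant-token")) and not uris:
        findings.append("redirect-based grant enabled but no redirect-uris registered")
    findings += [f"redirect URI is not https: {u}" for u in uris if not u.startswith("https://")]
    return findings

if __name__ == "__main__":
    for app, opts in parse_apps(SAMPLE).items():
        print(app, audit(opts) or "no findings")
```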
OPTIONS
access-token-lifetime
Specifies the number of minutes for which the access token should
be valid. The default is 5 minutes.
app-description
Specifies a user-defined description for the client-app. The
default value is none.
app-service
Specifies the name of the application service to which the object
belongs. The default value is none. Note: If the strict-updates
option is enabled on the application service that owns the object,
you cannot modify or delete the object. Only the application
service can modify or delete the object.
auth-code-lifetime
Specifies the number of minutes for which the authorization code
should be valid. The default is 5 minutes.
auth-type
Specifies the authentication type the client will use when it
makes requests to the Authorization Server. The default value is
secret and other possible values are none and certificate.
client-cert-dn
Specifies the distinguished name of the client certificate that is
used to validate a request from the client when the authentication
type is set to certificate.
client-id
Specifies the client ID that uniquely identifies the client
application. This field will be auto-generated and should not be
specified or modified. Also, this entry cannot be edited once it
has been generated.
client-secret
Specifies the client secret that is used to validate a request
from the client when the authentication type is set to secret. This
field will be auto-generated and should not be specified or modified.
contact
Specifies a means to contact the developer of the client
application.
customization-group
Specifies the customization settings for the client application.
generate-refresh-token
Specifies whether a refresh token should be generated along with
the access token. This is applicable only for "Authorization Code"
and "Resource Owner Password Credentials" grant types.
grant-code
Specifies whether the client application will use the
"authorization code" grant type. The default value is disabled. At
least one grant type must be set to enabled.
grant-password
Specifies whether the client application will use the "resource
owner password credentials" grant type. The default value is
disabled.
grant-token
Specifies whether the client application will use the "implicit"
grant type. The default value is disabled.
logo-url
Specifies the path from which the logo of the client application
can be displayed.
[name]
Specifies the name of the OAuth Client Application. This setting
is required.
partition
Displays the partition within which the component resides.
redirect-uris
Specifies the list of redirect URIs that the Authorization Server
will use to redirect back to the client after processing a
request. This setting should have at least one entry if the client
application uses the authorization code grant type or the implicit
grant type.
refresh-token-lifetime
Specifies the number of minutes for which the refresh token should
be valid. The default is 480 minutes.
refresh-token-usage-limit
Specifies the maximum number of times the access token can be
obtained using a refresh token request. The default value is 0,
which represents an unlimited number of times.
regenerate-client-secret
Indicates a request to regenerate the client secret. Do not use
other means to modify the secret.
reuse-access-token
Specifies whether an access token is reused or a new access token
is generated when it is obtained using a refresh token request. When
the access token is reused, its expiry time is extended.
reuse-refresh-token
Specifies whether a refresh token is reused or a new refresh token
is generated when it is obtained using a refresh token request.
scopes
Specifies the list of scopes that is to be associated with the
client application.
use-profile-token-mgmt-settings
Specifies whether the default settings that come from the OAuth
profile must be used.
website-url
Specifies the website URL of the client application.
SEE ALSO
apm profile oauth
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2015-2016. All rights reserved.
BIG-IP 2016-06-30 apm oauth oauth-client-app(1)