apm profile oauth
apm profile oauth(1) BIG-IP TMSH Manual apm profile oauth(1)
NAME
oauth - Configures an oauth profile.
MODULE
apm profile
SYNTAX
Configure the oauth component within the profile module using the
syntax shown in the following sections.
CREATE/MODIFY
create oauth [name]
modify oauth [name]
options:
access-token-lifetime [integer]
app-service [[string] | none]
auth-code-lifetime [integer]
auth-url [string]
client-apps [add | delete | replace-all-with] {
[client-app-name]
}
db-instance [db-instance-name]
defaults-from [[string] | none]
generate-refresh-token [true | false]
per-user-token-limit [integer]
refresh-token-lifetime [integer]
refresh-token-usage-limit [integer]
resource-servers [add | delete | replace-all-with] {
[resource-server-name]
}
reuse-access-token [true | false]
reuse-refresh-token [true | false]
token-issuance-url [string]
token-revocation-url [string]
token-introspection-url [string]
edit oauth [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list oauth
list oauth [ [ [name] | [glob] | [regex] ] ... ]
show running-config oauth
show running-config oauth [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
partition
show oauth
show oauth [name]
DELETE
delete oauth [name]
DESCRIPTION
You can use the oauth component to configure an oauth profile. An oauth
profile is a pre-configured group of settings that you can use to
configure an OAuth Authorization Server.
NOTE: For the oauth profile to take effect, this profile must be
associated with an access profile. (See man page for apm access
profile.)
EXAMPLES
create oauth myOAuthProfile {
defaults-from oauth
client-apps add { client_1 client_2}
resource-servers add { rs_1 rs_2}
db-instance db_test
auth-url /f5-oauth2/v1/authorize
token-issuance-url /f5-oauth2/v1/token
token-revocation-url /f5-oauth2/v1/revoke
token-introspection-url /f5-oauth2/v1/introspect
}
Creates an oauth profile named myOAuthProfile that is based on the
default oauth profile named oauth. The profile serves OAuth
requests from client applications named client_1 and client_2 and
resource servers named rs_1 and rs_2.
The profile uses the db instance named db_test,
/f5-oauth2/v1/authorize as the authorization endpoint,
/f5-oauth2/v1/token as the token issuance endpoint,
/f5-oauth2/v1/revoke as the revocation endpoint, and
/f5-oauth2/v1/introspect as the token introspection endpoint.
list oauth all all-properties
Displays a list of oauth profiles, including parameter values.
delete oauth myOAuthProfile
Deletes the oauth profile named myOAuthProfile.
OPTIONS
access-token-lifetime
Specifies the number of minutes for which the access token should
be valid. The default is 5 minutes.
app-service
Specifies the name of the application service to which the object
belongs. The default value is none. Note: If the strict-updates
option is enabled on the application service that owns the object,
you cannot modify or delete the object. Only the application
service can modify or delete the object.
auth-code-lifetime
Specifies the number of minutes for which the authorization code
should be valid. The default is 5 minutes.
auth-url
Specifies the path of the authorization endpoint that is used to
authenticate the resource owner and provide the authorization
code. The default is /f5-oauth2/v1/authorize.
client-apps
Specifies the list of client applications that is served by the
OAuth Authorization Server associated with this profile.
db-instance
Specifies the db instance that is used to store tokens generated
by the OAuth Authorization Server that is associated with this
profile.
defaults-from
Specifies the default oauth profile from which this profile is
created. The default is oauth.
generate-refresh-token
Specifies whether a refresh token should be generated along with
the access token. This is applicable only for "Authorization Code"
and "Resource Owner Password Credentials" grant types.
per-user-token-limit
Specifies the maximum number of active access tokens that can be
generated for a user. The default is 255. The range is 0 to 5000.
refresh-token-lifetime
Specifies the number of minutes for which the refresh token should
be valid. The default is 480 minutes.
refresh-token-usage-limit
Specifies the maximum number of times an access token can be
obtained using a refresh token request. The default value is 0,
which means an unlimited number of times.
resource-servers
Specifies the list of resource servers that is served by the OAuth
Authorization Server that is associated with this profile.
reuse-access-token
Specifies whether an access token is reused or a new access token
is generated when it is obtained using a refresh token request. When
the access token is reused, its expiry time is extended.
reuse-refresh-token
Specifies whether a refresh token is reused or a new refresh token
is generated when it is obtained using a refresh token request.
token-issuance-url
Specifies the path of the token issuance endpoint that is used to
issue an access token and possibly a refresh token. The default is
/f5-oauth2/v1/token.
token-revocation-url
Specifies the path of the token revocation endpoint that is used to
revoke an access token or a refresh token. The default is
/f5-oauth2/v1/revoke.
token-introspection-url
Specifies the path of the token introspection endpoint that is used
to introspect an access token. The default is
/f5-oauth2/v1/introspect.
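Added example (not part of the F5 manual): a Python check that reads profile stanzas in the brace-delimited style of list oauth all-properties output and flags token settings worth reviewing, using the defaults and semantics stated under OPTIONS. The sample stanza is constructed, its header line format is an assumption, and the MAX_ACCESS_MIN and MAX_REFRESH_MIN thresholds are hypothetical policy values.

```python
import re

# Constructed sample in the style of "list oauth all-properties" output (trimmed).
SAMPLE = """\
apm profile oauth myOAuthProfile {
    access-token-lifetime 120
    client-apps {
        client_1
    }
    generate-refresh-token true
    refresh-token-lifetime 480
    refresh-token-usage-limit 0
    reuse-access-token true
    reuse-refresh-token true
}
"""
MAX_ACCESS_MIN, MAX_REFRESH_MIN = 15, 1440  # hypothetical policy limits, minutes

def parse_profiles(text):
    """Return {profile name: {option: value}} for top-level scalar options."""
    profiles, current, depth = {}, None, 0
    for line in (raw.strip() for raw in text.splitlines()):
        m = re.match(r"apm profile oauth (\S+) \{$", line)
        if m and depth == 0:
            current, depth = profiles.setdefault(m.group(1), {}), 1
        elif line.endswith("{"):
            depth += 1  # nested list such as client-apps
        elif line == "}":
            depth = max(depth - 1, 0)
            current = current if depth else None
        elif depth == 1 and current is not None and " " in line:
            key, value = line.split(None, 1)
            current[key] = value
    return profiles

def audit(opts):
    """Flag settings that lengthen token exposure, per the OPTIONS text."""
    out = []
    if int(opts.get("access-token-lifetime", 5)) > MAX_ACCESS_MIN:
        out.append("access-token-lifetime exceeds policy")
    if opts.get("generate-refresh-token") != "true":
        return out  # remaining checks only matter when refresh tokens exist
    if int(opts.get("refresh-token-lifetime", 480)) > MAX_REFRESH_MIN:
        out.append("refresh-token-lifetime exceeds policy")
    if int(opts.get("refresh-token-usage-limit", 0)) == 0:
        out.append("refresh-token-usage-limit 0: unlimited refreshes")
    for key in ("reuse-refresh-token", "reuse-access-token"):
        if opts.get(key) == "true":
            out.append(key + " true: token reused instead of replaced")
    return out
```

Calling audit(parse_profiles(SAMPLE)["myOAuthProfile"]) returns four findings for the constructed stanza; a profile that keeps the documented 5-minute access token lifetime, sets a non-zero refresh-token-usage-limit and disables both reuse options returns none.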
SEE ALSO
apm oauth, apm policy
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2015-2016. All rights reserved.
BIG-IP 2016-08-29 apm profile oauth(1)