apm policy agent aaa-oauth
apm policy agent aaa-oauth(1) BIG-IP TMSH Manual apm policy agent aaa-oauth(1)
NAME
aaa-oauth - Manages an AAA OAuth(r) agent.
MODULE
apm policy agent
SYNTAX
Configure the aaa-oauth component within the policy agent module using
the following syntax.
CREATE/MODIFY
create aaa-oauth [name]
modify aaa-oauth [name]
options:
app-service [[string] | none]
auth-redirect-request [name]
grant-type [authorization-code | password]
redirection-uri [string]
response [name]
scope [[string] | none]
scope-data-request [name]
server [name]
token-refresh-request [name]
token-request [name]
type [client | scope]
validation-scopes-request [name]
DISPLAY
list aaa-oauth
list aaa-oauth [ [ [name] | [glob] | [regex] ] ... ]
show running-config aaa-oauth
show running-config aaa-oauth [ [ [name] | [glob] | [regex] ] ... ]
options:
all
all-properties
current-module
non-default-properties
one-line
app-service
partition
DELETE
delete aaa-oauth [name]
DESCRIPTION
Use this component to create, modify, display, or delete an OAuth
Client or OAuth Scope agent.
EXAMPLES
create aaa-oauth MyGoogleClient { auth-redirect-request
GoogleAuthRedirectRequest grant-type authorization-code scope
"https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile" server myGoogleServer
token-request GoogleTokenRequest type client validation-scopes-request
GoogleValidationScopesRequest } Creates the OAuth Client agent to
acquire an access_token from Google authorization server using
authorization-code grant type. Defines two scopes. The user's
permission will be requested for the scopes.
create aaa-oauth MyGoogleScope { scope-data-request {
https://www.googleapis.com/auth/userinfo.profile { request
GoogleScopeUserInfoProfileRequest } } server myGoogleServer type scope
validation-scopes-request GoogleValidationScopesRequest }
Creates OAuth Scope agent to get the list of scopes associated
with the access_token, and defines the scope-data-request to
retrieve more information about user identity if the access_token
contains the scope
"https://www.googleapis.com/auth/userinfo.profile".
list aaa-oauth
Displays a list of OAuth agents.
delete aaa-oauth MyGoogleScope
Deletes the MyGoogleScope OAuth agent.
OPTIONS
app-service
Specifies the name of the application service to which the object
belongs. The default value is none. Note: If the strict-updates
option is enabled on the application service that owns the object,
you cannot modify or delete the object. Only the application
service can modify or delete the object.
auth-redirect-request
OAuth Request name to be used for user redirect in order to obtain
authorization code.
grant-type
Specifies grant type that should be used to request an
access_token.
redirection-uri
Specifies redirection URI. The redirection URI is used by the
Authorization Server to redirect user back after authentication.
The URI is a property of client application registered at
authorization server. This option is used along with
'authorization-code' grant type only.
response
Specifies the response config object name.
scope
The list of scopes to request user's permission for.
scope-data-request
Defines OAuth Request to obtain additional information from the
resource server for the specified scope, using access_token.
server
Specifies OAuth Server that represents the authorization server to
work with.
token-refresh-request
Specifies OAuth Request to refresh an expired access_token.
token-request
Specifies OAuth Request to request an access_token.
type Type of the OAuth agent. Available options are: client or scope.
Default value client. The type cannot be changed for an existing
OAuth agent.
validation-scopes-request
Specifies OAuth Request to validate the access_token (when agent
type is client) or to retrieve list of scopes associated with the
access_token (when agent type is scope).
SEE ALSO
tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2011-2014, 2016. All rights
reserved.
BIG-IP 2018-07-12 apm policy agent aaa-oauth(1)