apm policy agent aaa-oauth
apm policy agent aaa-oauth(1) BIG-IP TMSH Manual apm policy agent aaa-oauth(1)
NAME
aaa-oauth - Manages an AAA OAuth(r) agent.
MODULE
apm policy agent
SYNTAX
Configure the aaa-oauth component within the policy agent module using the following syntax.
CREATE/MODIFY
create aaa-oauth [name]
modify aaa-oauth [name]
options:
app-service [[string] | none]
auth-redirect-request [name]
grant-type [authorization-code | password]
redirection-uri [string]
response [name]
scope [[string] | none]
scope-data-request [name]
server [name]
token-refresh-request [name]
token-request [name]
type [client | scope]
validation-scopes-request [name]
DISPLAY
list aaa-oauth
list aaa-oauth [ [ [name] | [glob] | [regex] ] ... ]
show running-config aaa-oauth
show running-config aaa-oauth [ [ [name] | [glob] | [regex] ] ... ]
options:
all
all-properties
current-module
non-default-properties
one-line
app-service
partition
DELETE
delete aaa-oauth [name]
DESCRIPTION
Use this component to create, modify, display, or delete an OAuth Client or OAuth Scope agent.
EXAMPLES
create aaa-oauth MyGoogleClient { auth-redirect-request GoogleAuthRedirectRequest grant-type authorization-
code scope "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"
server myGoogleServer token-request GoogleTokenRequest type client validation-scopes-request
GoogleValidationScopesRequest } Creates the OAuth Client agent to acquire an access_token from Google
authorization server using authorization-code grant type. Defines two scopes. The user's permission will be
requested for the scopes.
create aaa-oauth MyGoogleScope { scope-data-request { https://www.googleapis.com/auth/userinfo.profile {
request GoogleScopeUserInfoProfileRequest } } server myGoogleServer type scope validation-scopes-request
GoogleValidationScopesRequest }
Creates OAuth Scope agent to get the list of scopes associated with the access_token, and defines the
scope-data-request to retrieve more information about user identity if the access_token contains the
scope "https://www.googleapis.com/auth/userinfo.profile".
list aaa-oauth
Displays a list of OAuth agents.
delete aaa-oauth MyGoogleScope
Deletes the MyGoogleScope OAuth agent.
OPTIONS
app-service
Specifies the name of the application service to which the object belongs. The default value is none.
Note: If the strict-updates option is enabled on the application service that owns the object, you cannot
modify or delete the object. Only the application service can modify or delete the object.
auth-redirect-request
OAuth Request name to be used for user redirect in order to obtain authorization code.
grant-type
Specifies grant type that should be used to request an access_token.
redirection-uri
Specifies redirection URI. The redirection URI is used by the Authorization Server to redirect user back
after authentication. The URI is a property of client application registered at authorization server.
This option is used along with 'authorization-code' grant type only.
response
Specifies the response config object name.
scope
The list of scopes to request user's permission for.
scope-data-request
Defines OAuth Request to obtain additional information from the resource server for the specified scope,
using access_token.
server
Specifies OAuth Server that represents the authorization server to work with.
token-refresh-request
Specifies OAuth Request to refresh an expired access_token.
token-request
Specifies OAuth Request to request an access_token.
type Type of the OAuth agent. Available options are: client or scope. Default value client. The type cannot
be changed for an existing OAuth agent.
validation-scopes-request
Specifies OAuth Request to validate the access_token (when agent type is client) or to retrieve list of
scopes associated with the access_token (when agent type is scope).
SEE ALSO
tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2011-2014, 2016. All rights reserved.
BIG-IP 2018-07-12 apm policy agent aaa-oauth(1)