
Registering OAuth clients

An OAuth client or third-party service application must register itself with the WebSphere Application Server OAuth2 service provider. Registered clients are stored either in an XML file or in a database table.

To store registered clients in an XML file, create a file named base.clients.xml and place it under the oauth20 directory in the WAS cell directory or node directory. A sample base.clients.xml file is in the properties directory of the WAS installation.

To store registered clients in a database table, use the following table creation SQL statement:

/*Client Table*/
CREATE TABLE OAuthDBSchema.OAUTH20CLIENTCONFIG (
    COMPONENTID VARCHAR(256) NOT NULL, /*Name of OAuth Provider and matches config.xml*/
    CLIENTID VARCHAR(256) NOT NULL,    /*ID of client*/
    CLIENTSECRET VARCHAR(256),         /*Client secret*/
    DISPLAYNAME VARCHAR(256) NOT NULL, /*Display name of the client*/
    REDIRECTURI VARCHAR(2048),         /*client redirect URI*/
    ENABLED INT                        /*int*/
);

After creating the client store file or table, you can add, delete, or modify a client directly. You can also use the WAS MBean or programming APIs to manage clients.

The following example illustrates sample code for client management using the client API:

import java.util.Collection;

import com.ibm.ws.security.oauth20.plugins.BaseClientProvider;
import com.ibm.ws.security.oauth20.plugins.BaseClient;
import com.ibm.ws.security.oauth20.api.OAuth20Provider;
import com.ibm.ws.security.oauth20.api.OAuth20ProviderFactory;
import com.ibm.ws.security.oauth20.plugins.db.CachedDBClientProvider;

OAuth20Provider provider = OAuth20ProviderFactory.getOAuth20Provider("<<provider_name>>");
OAuthComponentConfiguration oauthconfig = provider.getConfiguration();
CachedDBClientProvider clientProvider = new CachedDBClientProvider();  // if using a database for the client store
//BaseClientProvider clientProvider = new BaseClientProvider();  // if using an XML file for the client store
clientProvider.init(oauthconfig);

// replace << .... >> with the desired String
BaseClient newClient = new BaseClient(oauthconfig.getUniqueId(),
                                      "<<client_id>>",
                                      "<<client_secret>>",
                                      "<<client displayName>>",
                                      "<<redirect uri>>",
                                      true);

// add a new client
clientProvider.put(newClient);

// delete a client
clientProvider.delete("<<client_id>>");

// query all registered clients
Collection<BaseClient> clients = clientProvider.getAll();
for (BaseClient client : clients) {
  String client_display_name = client.getDisplayName();
  String client_id = client.getClientId();
  String redirect_uri = client.getRedirectUri();
}

The following example illustrates sample code for client management using the MBean API:

// get the OAuth client MBean (OAuth20ClientMBean)
ObjectName  objName     = new ObjectName ("WebSphere:type=OAuth20ClientMBean,*");
AdminClient adminClient = ....;

// add a new client (oauthconfig is obtained as in the client API example)
BaseClient newClient = new BaseClient(oauthconfig.getUniqueId(),
                                      "<<client_id>>",
                                      "<<client_secret>>",
                                      "<<client displayName>>",
                                      "<<redirect uri>>",
                                      true);
adminClient.invoke(objName,
                   "addClient",
                   new Object[]{newClient},
                   new String[]{newClient.getClass().getName()});

// delete a client by client id
String providerName = "<<provider_name>>";
String clientName   = "<<client id>>";
adminClient.invoke(objName,
                   "removeClient",
                   new Object[]{providerName, clientName},
                   new String[]{providerName.getClass().getName(),
                                clientName.getClass().getName()});
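
Both the client API and the MBean examples pass the client secret and redirect URI to BaseClient as plain strings, and the table definition leaves CLIENTSECRET and REDIRECTURI nullable. The following added example (not IBM sample code) generates a random secret and checks a redirect URI before registration. The class ClientRegistrationCheck and its methods are hypothetical names, and the https-only, no-wildcard rules are an assumed policy for this sketch, not something the page prescribes.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical helper (not a WebSphere class): vets values before they are passed to BaseClient. */
public class ClientRegistrationCheck {
    private static final SecureRandom RNG = new SecureRandom();

    /** 32 random bytes as 64 hex characters; fits the CLIENTSECRET VARCHAR(256) column. */
    static String newClientSecret() {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        StringBuilder hex = new StringBuilder(raw.length * 2);
        for (byte b : raw) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    /** Returns the problems found with a redirect URI; an empty list means it passed. */
    static List<String> checkRedirectUri(String redirectUri) {
        List<String> problems = new ArrayList<String>();
        if (redirectUri == null || redirectUri.trim().isEmpty()) {
            problems.add("missing (REDIRECTURI is nullable, so the table will not reject this)");
            return problems;
        }
        if (redirectUri.length() > 2048) problems.add("longer than the REDIRECTURI column (2048)");
        if (redirectUri.indexOf('*') >= 0) problems.add("contains a wildcard");
        try {
            URI uri = new URI(redirectUri);
            if (!uri.isAbsolute() || uri.getHost() == null) problems.add("not an absolute URI with a host");
            if (!"https".equalsIgnoreCase(uri.getScheme())) problems.add("scheme is not https");
            if (uri.getRawFragment() != null) problems.add("contains a fragment");
            if (uri.getRawUserInfo() != null) problems.add("contains user info");
        } catch (URISyntaxException e) {
            problems.add("not a valid URI: " + e.getReason());
        }
        return problems;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real registration.
        String[] samples = { "https://app.example.com/oauth/callback", "http://app.example.com/cb",
            "https://app.example.com/cb#frag", "https://*.example.com/cb", "/cb", null };
        for (String s : samples) {
            System.out.println(s + " -> " + checkRedirectUri(s));
        }
        System.out.println("generated secret length: " + newClientSecret().length());
    }
}
```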

