OAuth 2.0 services (WebSphere Application Server v8.5)
WebSphere Application Server (WAS) OAuth services include both an OAuth authorization service and a web resource authorization decision service.
The OAuth 2.0 authorization service provides all of the OAuth 2.0 protocol endpoint URLs and is responsible for authorizing clients and issuing tokens.
The web resource authorization decision service is a combination of standard WAS J2EE security and the WAS trust association interceptor (TAI). When a client accesses a J2EE-secured web resource, the OAuth TAI intercepts the request, validates the OAuth token, and maps the token to a WAS platform security subject. From that point on, the request is authorized against the authenticated subject in the usual way.
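The interception flow just described, as an added illustration rather than IBM's shipped OAuth TAI: a minimal trust association interceptor that validates a bearer token and hands the resource owner's user id back to WAS as the principal. It assumes the WAS custom-TAI SPI (com.ibm.wsspi.security.tai.TrustAssociationInterceptor and TAIResult, with the WebTrustAssociation exceptions) as documented for custom interceptors; the token store, the protectedPath and requiredScope property names, and the user names are constructed sample values standing in for the provider's real in-memory or database persistence.

```java
// Added illustration (not IBM's OAuth TAI): validate a bearer token, then map it
// to a WAS principal so that ordinary J2EE role checks run against that subject.
// Assumed: the WAS custom-TAI SPI below. Constructed: tokens, users, property names.
package sample.oauth;

import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.ibm.websphere.security.WebTrustAssociationException;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.wsspi.security.tai.TAIResult;
import com.ibm.wsspi.security.tai.TrustAssociationInterceptor;

public class SampleOAuthTai implements TrustAssociationInterceptor {

    /** A validated access token: who it was issued to, what it allows, when it expires. */
    static final class AccessToken {
        final String resourceOwner;
        final String scope;           // space-separated scope values
        final long expiresAtMillis;
        AccessToken(String resourceOwner, String scope, long expiresAtMillis) {
            this.resourceOwner = resourceOwner;
            this.scope = scope;
            this.expiresAtMillis = expiresAtMillis;
        }
    }

    // Constructed sample token store; the real provider keeps tokens in memory or a database.
    private final Map<String, AccessToken> tokens = new HashMap<>();
    // Hypothetical custom properties: which path prefix to guard and which scope it needs.
    private String protectedPath = "/oauth2/protected";
    private String requiredScope = "read";

    @Override
    public int initialize(Properties props) throws WebTrustAssociationFailedException {
        protectedPath = props.getProperty("protectedPath", protectedPath);
        requiredScope = props.getProperty("requiredScope", requiredScope);
        long now = System.currentTimeMillis();
        tokens.put("tok-constructed-valid", new AccessToken("alice", "read write", now + 3_600_000L));
        tokens.put("tok-constructed-expired", new AccessToken("bob", "read", now - 1L));
        return 0;
    }

    @Override
    public boolean isTargetInterceptor(HttpServletRequest req) throws WebTrustAssociationException {
        // Only requests under the OAuth-protected prefix are handled by this interceptor.
        String uri = req.getRequestURI();
        return uri != null && uri.startsWith(protectedPath);
    }

    @Override
    public TAIResult negotiateValidateandEstablishTrust(HttpServletRequest req, HttpServletResponse resp)
            throws WebTrustAssociationFailedException {
        String principal = principalForBearer(req.getHeader("Authorization"));
        if (principal == null) {
            // Fail closed: without a valid token no subject is established.
            resp.setHeader("WWW-Authenticate", "Bearer realm=\"oauth\"");
            return TAIResult.create(HttpServletResponse.SC_UNAUTHORIZED);
        }
        // WAS builds the platform security subject for this user id; J2EE role
        // checks on the web resource are then evaluated against that subject.
        return TAIResult.create(HttpServletResponse.SC_OK, principal);
    }

    /** Resource owner for a known, unexpired, sufficiently scoped bearer token; otherwise null. */
    String principalForBearer(String authorizationHeader) {
        if (authorizationHeader == null || !authorizationHeader.regionMatches(true, 0, "Bearer ", 0, 7)) {
            return null;                                                   // no bearer credential
        }
        AccessToken token = tokens.get(authorizationHeader.substring(7).trim());
        if (token == null) return null;                                    // unknown or revoked
        if (token.expiresAtMillis <= System.currentTimeMillis()) return null; // expired
        for (String s : token.scope.split(" ")) {
            if (s.equals(requiredScope)) return token.resourceOwner;
        }
        return null;                                                       // insufficient scope
    }

    @Override public String getVersion() { return "1.0"; }
    @Override public String getType() { return "SampleOAuthTai"; }
    @Override public void cleanup() { tokens.clear(); }
}
```

The point to notice is the order of decisions: the interceptor answers "is this token valid and adequate" before WAS ever sees a user id, and any failure returns SC_UNAUTHORIZED without a principal, so the J2EE role check never runs on behalf of an unauthenticated caller.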
Subtopics
- Define an OAuth service provider
  The OAuth service provider is defined with a provider configuration file. We can define an OAuth service provider by editing the OAuthSampleConfig.xml file.
- Create an OAuth service provider
- Configure auto consent
- Enable your system to use the OAuth 2.0 feature
- OAuth endpoint URLs
  After OAuth 2.0 is enabled, several endpoint URLs are configured on the WAS so that OAuth clients can communicate with the OAuth service provider before accessing OAuth-protected resources.
- Registering OAuth clients
  An OAuth client or third-party service application must register itself with the WAS OAuth2 service provider. Registered clients are stored either in an XML file or in a database table.
- OAuth TAI custom properties
  The following tables list the custom properties for the OAuth TAI. We can define these properties in the custom properties panel for the OAuth TAI using the dmgr console.
- OAuth command group for AdminTask
  We can use the Jython or Jacl scripting languages to configure OAuth with wsadmin. The commands and parameters in the OAuth group can be used to configure the OAuth Trust Association Interceptor (TAI) and to manage the OAuth provider configuration.
- OAuth MBeans
  We can manage an OAuth configuration using MBean programming.
- Dynamic cache objects for OAuth
  WAS OAuth support provides two options for OAuth token and client persistence: in-memory and database.