Configuring OAuth access
If you want to use an OAuth authentication service to provide secure delegated access to Maximo® Manage data, you can configure OAuth access by using the HTTP handler that is provided in the integration framework.
Before you begin
Administrators must grant the appropriate authorizations to the MAXOAUTHCLIENT object structure by using the Security Groups application.
Because most OAuth handshakes are done over TLS, the Manage truststore must also be updated with the CA trust chain of the OAuth provider.
About this task
Maximo Manage supports the OAuth 2.0 client credentials grant type. Using this flow, Maximo Manage sends a client ID and client secret to the URL of the OAuth provider for authentication and receives an access token.
The date and time that the access token is created are stored in the MAXOAUTHCLIENT object. The OAuth provider specifies an expiration interval for the access token, and the token expires at the end of that interval. After expiration, a new token is generated when a new authentication request occurs.
- You can add or modify clients in the End Points application.
- You can add or modify clients by using a REST API call.
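The client credentials flow and token expiry described under About this task, as an added Python example; it is not Maximo Manage code. The class, the injected post function, the skew margin, the fake provider and its sample token values are assumptions made for illustration; the client field names are the ones used on this page.

```python
import json
import time
from urllib.parse import urlencode, urlsplit

class ClientCredentialsToken:
    """Holds one access token for a client and renews it after expiry."""

    def __init__(self, client, post, clock=time.time, skew=30):
        # client uses the page's field names; post(url, body) -> JSON text is injected
        if urlsplit(client["tokenurl"]).scheme != "https":
            raise ValueError("tokenurl must be https so the secret travels over TLS")
        self.client, self.post, self.clock = client, post, clock
        self.skew = skew          # assumed safety margin in seconds, not from the page
        self.token, self.created, self.expires_in = None, None, 0

    def request_body(self):
        # RFC 6749 section 4.4.2 request; credentials in the form body is an assumption
        fields = {"grant_type": "client_credentials",
                  "client_id": self.client["clientid"],
                  "client_secret": self.client["clientsecret"]}
        if self.client.get("scope"):
            fields["scope"] = self.client["scope"]
        return urlencode(fields)

    def expired(self):
        # Expired when there is no token or creation time + provider interval has passed
        if self.token is None:
            return True
        return self.clock() >= self.created + self.expires_in - self.skew

    def get(self):
        if self.expired():
            reply = json.loads(self.post(self.client["tokenurl"], self.request_body()))
            if "access_token" not in reply:
                raise ValueError("token endpoint returned no access_token")
            self.token = reply["access_token"]
            self.expires_in = int(reply.get("expires_in", 0))  # 0: renew on every call
            self.created = self.clock()
        return self.token

def fake_provider(issued):
    # Constructed stand-in for the OAuth provider; issues numbered tokens valid for 60 s
    def post(url, body):
        issued.append((url, body))
        return json.dumps({"access_token": "tok-%d" % len(issued),
                           "token_type": "Bearer", "expires_in": 60})
    return post
```

The request body contains the client secret, so keep it out of logs and traces when replacing fake_provider with a real HTTPS POST function.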
Adding or modifying OAuth clients in the End Points application
In the End Points application, you can add OAuth clients or update existing clients.
Procedure
Adding or modifying OAuth clients by using a REST API
The HTTP handler endpoint includes an oauthclient property. To add a client by using a REST API call, you must specify the value for the clientname attribute in the oauthclient property.
Procedure
POST /oslc/os/mxapioauthclient?lean=1&ctx=ccrypto=1
{
  "clientname": "{user-defined name for the client}",
  "clientid": "{ID that is provided by the OAuth provider}",
  "clientsecret": "{secret that is provided by the OAuth provider}",
  "scope": "{optional scope}",
  "tokenurl": "{token URL that is provided by the OAuth provider}"
}