Configuring an OAuth 2.0 client

You can configure an OAuth 2.0 client to create a client ID and secret for authentication when you are sending requests to the OpenPages® REST API V1 and V2 on IBM OpenPages on premises or IBM OpenPages on Cloud.

You can also use the OAuth 2.0 client ID and secret when you run commands from the command-line interface (CLI). For more information, see Running CLI commands by using OAuth 2.0 authentication.

When you create a client, it is automatically enabled. To disable a client, see Enabling and disabling OAuth 2.0 clients.

Note: Client secrets have a limited life. By default, client secrets expire 365 days after you create them. To change the number of days before client secrets expire, set Applications > Common > Administration > Oauth2 Client Expiry to the number of days you want.

Before you begin

Make sure that you completed the steps to log in to the application server and install the oauth-2.0 and IBM® WebSphere® Liberty openidConnectClient-1.0 features.

For more information, see Setting up native OAuth 2.0 authentication.

About this task

In this task, you configure an OAuth 2.0 client with a functional user. The client exchanges its application credentials, client ID, and client secret, for an access token from the authorization server hosted by OpenPages. The client makes requests, by using the Bearer token, to the OpenPages REST API. The API authenticates the Bearer token and treats the request as if it was made by the functional user account.

To do this task, you need the Oauth2 application permission.

Procedure

  1. Click Open Administration menu Administration menu > Users and Security > OAuth 2.0 Configuration.
  2. Click New.
  3. Enter a Client ID.
    You can enter up to 256 characters. The characters can be letters, numbers, spaces, periods (.), underscores (_), or dashes (-).
  4. Optional: Enter a Description of the client.
  5. Select the User to run client actions.
  6. Click Save and generate client secret.
    The client secret and its expiry date are displayed.
  7. Click Copy Copy button to copy the secret.
    Ensure that you retain the client secret. You will need it to configure an IBM WebSphere Liberty server to act as the Authorization Server and an OpenID Connect Client.
  8. Click Done.
    The client is automatically enabled.