OAuth 2.0 endpoints
Endpoints let OAuth clients communicate with the OAuth server, or authorization server, within a definition.
All endpoints can be accessed through URLs. The syntax of the URLs is specific to the purpose of the access.
If you are responsible for installing and configuring the appliance, you might find it helpful to be familiar with these endpoints and URLs.
API protection definitions
https://<hostname:port>/<junction>/sps/oauth/oauth20
For example: https://server.oauth.com/mga/sps/oauth/oauth20
- There is only a single set of endpoints.
- Not all authorization grant types use all three endpoints in a single OAuth 2.0 flow.
Endpoint name | Description | Example |
---|---|---|
Authorization endpoint | An authorization URL where the resource owner grants authorization to the OAuth client to access the protected resource. | https://server.oauth.com/mga/sps/oauth/oauth20/authorize |
Token endpoint | A token request URL where the OAuth client exchanges an authorization grant for an access token and an optional refresh token. | https://server.oauth.com/mga/sps/oauth/oauth20/token |
Clients manager endpoint | A URL for resource owners to manage their trusted clients. The resource owner can use the clients manager endpoint to access and modify the list of clients that are authorized to access the protected resource. The trusted clients manager shows the client name and permitted scope of an authorized client. Note: The list does not show clients that are disabled or deleted from the definition. The resource owner can optionally remove trusted client information from the list. In doing so, the resource owner is prompted for consent to authorize the next time the OAuth client attempts to access the protected resource. | https://server.oauth.com/mga/sps/oauth/oauth20/clients |
Session endpoint | A URL where an access_token can be exchanged for a web session. The client uses the endpoint to obtain an authenticated web session for the resource owner that is typically used in hybrid mobile application scenarios. Note: The session endpoint is disabled by default and can be enabled by using advanced configuration. The client must send a POST request with the access_token in the body. | https://server.oauth.com/mga/sps/oauth/oauth20/session |
Authorization grant management endpoint | A URL where you can view your authorization grants and the tokens and attributes of each authorization grant. | http://server.oauth.com/mga/sps/mga/user/mgmt/html/device/device_selection.html |
Logout endpoint | A URL where you can end a session by revoking an access_token. The token must be provided in the Authorization header or a session cookie must be used. | http://server.oauth.com/mga/sps/oauth/oauth20/logout |
Introspect endpoint | A URL where an access_token can be inspected by an oauth_client. For more details, see OAuth introspection. Note: The introspect endpoint is disabled by default and can be enabled by using the advanced configuration. | https://server.oauth.com/mga/sps/oauth/oauth20/introspect |
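
The following check is an added example, not product code or part of the original page: it validates a configured URL against the endpoint syntax above and builds, without sending, the session-endpoint POST with the access_token in the body. The single-segment junction, the form-encoded body, and the names `check_endpoint` and `session_request` are assumptions.

```python
import re
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

# Endpoint names under /sps/oauth/oauth20/ taken from the table above.
KNOWN = {"authorize", "token", "clients", "session", "logout", "introspect"}
# Assumption: the junction is a single path segment, as in the /mga example.
PATH_RE = re.compile(r"^/(?P<junction>[^/]+)/sps/oauth/oauth20/(?P<name>[^/]+)$")


def check_endpoint(url):
    """Return (junction, endpoint_name, findings) for a configured URL."""
    parts = urlsplit(url)
    m = PATH_RE.match(parts.path)
    if not parts.netloc or not m or m.group("name") not in KNOWN:
        raise ValueError(f"not an OAuth 2.0 endpoint URL: {url}")
    findings = []
    if parts.scheme != "https":
        findings.append("cleartext scheme: tokens are exposed in transit")
    if "access_token=" in parts.query:
        findings.append("access_token in query string: ends up in logs")
    return m.group("junction"), m.group("name"), findings


def session_request(base, access_token):
    """Build (without sending) the session-endpoint POST, token in the body."""
    url = base.rstrip("/") + "/session"
    _, _, findings = check_endpoint(url)
    if findings:
        raise ValueError("; ".join(findings))
    # Assumption: the body is form-encoded; the page only says "in the body".
    body = urlencode({"access_token": access_token}).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return Request(url, data=body, headers=headers, method="POST")


if __name__ == "__main__":
    base = "https://server.oauth.com/mga/sps/oauth/oauth20"
    for name in sorted(KNOWN):
        print(check_endpoint(f"{base}/{name}"))
    req = session_request(base, "constructed-token-123")  # constructed value
    print(req.get_method(), req.full_url, req.data)
```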