You can use the OAuth samples to exercise the Access Manager OAuth APIs for common OAuth use cases. The samples cover the following:
Auto-configuration of Access Manager: creating scopes and a resource server, and registering an OAuth client.
Executing the various OAuth flows and returning the access token, refresh token, and ID token as required.
Managing tokens by refreshing or revoking a token.
You can use the sample scripts as a trial to understand how the OAuth flows work with Access Manager.
The Access Manager administrator must perform the following tasks before developers can use the sample scripts:
Enable the OAuth protocol for Identity Server.
Assign the NAM_OAUTH2_DEVELOPER and NAM_OAUTH2_ADMIN roles to the developers.
Extend the user store schema and add an LDAP attribute to store the user's consent and refresh token information.
Perform the following tasks:
Access Manager Administrator Tasks
Log in to the Access Manager Administration console.
Navigate to OAuth & OpenID Connect > Global Settings.
Specify the following values:
Authorization Grant LDAP Attribute: The LDAP attribute used to store the token information and the user's consent. This is the attribute added when the user store schema was extended.
CORS Domain: Select Allow All.
Grant Type(s): Select all the options.
Token Type(s): Select all the options.
Signing Certificate: Add the signing certificate.
Allow All and all grant types suit a trial setup, which is what these samples are for. In a production configuration, restrict the CORS domains to the origins that host your clients and enable only the grant types those clients use.
Update Identity Server.
Client Developer Tasks
Download OAuth Samples from the Developer Documentation page.
From the OAuth Samples folder, go to try-now-scripts, then sampleScripts.
Open the config.txt file and specify values for the following parameters in the System Settings section:
username: OAuth developer user name
password: OAuth developer password
user_email: OAuth developer email
userstore: Name of the user store configured for the IDP cluster (check with the NAM administrator)
user_dn: Full distinguished name (DN) of the developer user, for example cn=admin,o=novell. Change it to match your directory.
idpurl: Identity Server's host and port
scope_username: A non-developer user name, used as the end user in the flows.
scope_password: Password for the user specified in scope_username.
scope_email: Email of the user specified in scope_username.
Run the required script to see it in action, or run sampleScripts.sh to run all the scripts as a batch.
Sample | Use Case
---|---
Authorization Flow |
authorizationFlow-accessToken-using-defaultresourceServer.sh | Retrieve an access token by using the default resource server configured in Access Manager.
authorizationFlow-accessToken-usingRefreshtoken.sh | Retrieve a new access token by using a refresh token.
authorizationFlow-accessToken-using-resourceServerKey.sh | Retrieve an access token encrypted with the resource server key.
authorizationFlow-accessToken-with-pkcePlain.sh | Retrieve an access token using PKCE with code_challenge_method set to plain.
authorizationFlow-accessToken-with-pkceS256.sh | Retrieve an access token using PKCE with code_challenge_method set to S256.
authorizationFlow-revoke-refreshToken.sh | Revoke the refresh token.
authorizationFlow-revoke-refreshToken-using-globalDeviceID.sh | Revoke the refresh token issued to a mobile device, identified by its device ID.
idtoken-using-authorizationFlow.sh | Retrieve an ID token.
Client Credentials Flow |
clientCredentialFlow-accessToken-using-defaultResourceServer.sh | Retrieve an access token by using the default resource server configured in Access Manager.
clientCredentialFlow-accessToken-using-resourceServerKey.sh | Retrieve an access token encrypted with the resource server key.
Implicit Flow |
idtoken-using-implicitFlow.sh | Retrieve an ID token.
implicitFlow-accessToken-using-defaultResourceServer.sh | Retrieve an access token by using the default resource server configured in Access Manager.
implicitFlow-accessToken-using-resourceServerKey.sh | Retrieve an access token encrypted with the resource server key.
Resource Owner Flow |
resourceOwnerFlow-accessToken-using-defaultResourceServer.sh | Retrieve an access token by using the default resource server configured in Access Manager.
resourceOwnerFlow-accessToken-using-resourceServerKey.sh | Retrieve an access token encrypted with the resource server key.
resourceOwnerFlow-revoke-refreshToken.sh | Revoke the refresh token.
resourceOwnerFlow-revoke-refreshToken-using-globalDeviceID.sh | Revoke the refresh token issued to a mobile device, identified by its device ID.
Manage and Validate |
deleteOauthResourceServer.sh | Delete the resource server configured in Access Manager.
manageOAuthScope.sh | Manage the OAuth scopes.
manageResourceServer.sh | Manage the resource server configured in Access Manager.
accessToken-verification.sh | Verify an access token.
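The two PKCE samples above differ only in how code_challenge is derived from code_verifier before the authorization request, and in the verifier being sent back at the token exchange. The following shell script is an added example written for this page; it is not one of the Access Manager sample scripts and does not reflect how they are implemented internally. It generates a verifier, computes the challenge for both methods, builds the authorization request, and shows the matching token exchange. The endpoint paths /nidp/oauth/nam/authz and /nidp/oauth/nam/token, the client identifiers, and the host names are assumptions for illustration; take the real values from your Access Manager configuration. It needs bash, openssl and curl.

```shell
#!/usr/bin/env bash
# Added example (not from the Access Manager OAuth samples): PKCE for the
# authorization code flow, as the *-with-pkcePlain.sh and *-with-pkceS256.sh
# samples have to do it. Endpoint paths, client details and host names below
# are illustrative assumptions, not taken from the Access Manager documentation.
set -eu

# base64url without padding, as RFC 7636 Appendix A defines it.
b64url() { openssl base64 -A | tr '+/' '-_' | tr -d '='; }

# code_verifier: 32 random bytes become 43 unreserved characters (RFC 7636 requires 43 to 128).
pkce_verifier() { openssl rand 32 | b64url; }

# code_challenge for a given code_challenge_method.
# "plain" sends the verifier itself, so anyone who captures the authorization
# request can redeem the code; "S256" sends BASE64URL(SHA256(verifier)), which
# is the method to use whenever the client can compute SHA-256.
pkce_challenge() {
  local verifier=$1 method=$2
  case "$method" in
    plain) printf '%s' "$verifier" ;;
    S256)  printf '%s' "$verifier" | openssl dgst -sha256 -binary | b64url ;;
    *)     echo "unsupported code_challenge_method: $method" >&2; return 1 ;;
  esac
}

# Percent-encode an ASCII query parameter value; RFC 3986 unreserved characters pass through.
urlencode() {
  local s=$1 out='' c i
  for ((i = 0; i < ${#s}; i++)); do
    c=${s:i:1}
    case "$c" in
      [A-Za-z0-9.~_-]) out+=$c ;;
      *) out+=$(printf '%%%02X' "'$c") ;;
    esac
  done
  printf '%s' "$out"
}

# Authorization request: the challenge and the method travel on the front channel;
# the verifier stays with the client until the token exchange. The challenge and
# method are already made of unreserved characters, so they are not re-encoded.
build_authorize_url() {
  local idpurl=$1 client_id=$2 redirect_uri=$3 scope=$4 state=$5 challenge=$6 method=$7
  printf '%s/nidp/oauth/nam/authz?response_type=code&client_id=%s&redirect_uri=%s&scope=%s&state=%s&code_challenge=%s&code_challenge_method=%s' \
    "$idpurl" "$(urlencode "$client_id")" "$(urlencode "$redirect_uri")" \
    "$(urlencode "$scope")" "$(urlencode "$state")" "$challenge" "$method"
}

# Token exchange: the client presents the verifier; the IDP recomputes the challenge
# and refuses the code if it does not match what the authorization request carried.
exchange_code() {
  local idpurl=$1 client_id=$2 client_secret=$3 redirect_uri=$4 code=$5 verifier=$6
  curl -sS -X POST "$idpurl/nidp/oauth/nam/token" \
    --data-urlencode grant_type=authorization_code \
    --data-urlencode "client_id=$client_id" \
    --data-urlencode "client_secret=$client_secret" \
    --data-urlencode "redirect_uri=$redirect_uri" \
    --data-urlencode "code=$code" \
    --data-urlencode "code_verifier=$verifier"
}

# Walk-through with constructed values; nothing below touches the network.
if [ "${1:-}" = "demo" ]; then
  verifier=$(pkce_verifier)
  challenge=$(pkce_challenge "$verifier" S256)
  state=$(openssl rand 16 | b64url)   # binds the callback to this browser session
  echo "code_verifier:  $verifier"
  echo "code_challenge: $challenge"
  echo "authorize URL:  $(build_authorize_url https://idp.example.com:8443 sample-client \
      https://app.example.com/callback 'openid profile' "$state" "$challenge" S256)"
  echo "after consent:  exchange_code <idpurl> <client_id> <client_secret> <redirect_uri> <code> $verifier"
fi
```

Run it with `demo` as the only argument to print a fresh verifier, its S256 challenge and the resulting authorization URL; open that URL in a browser, check that the state in the callback matches, then pass the returned code and the same verifier to exchange_code. The verifier must never leave the client except in that token request, and a new one must be generated for every authorization request.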