1. OAuth2 based Web Services Access Authentication
  2. Enabling OAuth Setup Configurations
  3. Getting Access Token
  4. How OFSLL API works with access token?

3.5.1 How OFSLL API works with access token?

  1. Client calls OFSLL authentication API (OFSLL REST API) with required headers along with body and obtains the token as response.
  2. OFSLL REST API validates the token and retrieves the user ID from access token.
  3. If the token is valid, then provides access to the protected resource.

    Note:

    To use OAM OAuth API, update the following OFSLL system parameters with valid values.

    Table 3-1 OFSLL system parameters with valid values

    OFSLL System Parameter Name Default Value Actual Value Required to configure OAuth Feature
    OAM_OAUTH_ENABLED_IND SETME Y
    OAM_OAUTH_TOKEN_URL SETME http://<hostname>:<port>/oauth 2/rest/token
    OAM_OAUTH_TOKEN_VALID_URL SETME http://<hostname>:<port>/oauth 2/rest/token/info?access_token =<AccessToken>

    While client applications are allowed to access OAM OAuth REST API directly, it is recommended for clients to access OFSLL Authentication REST API for all token generation and token validation features.

    Authentication Resource URL:

    http://<<hostname>>:<<port>>/<<context_path>>/service/api/resources/auth/token

Parent topic: Getting Access Token