Authenticating

Oracle Linux Automation Manager uses a certificate authority (CA) certificate with NGINX and Oauth2 for token based authentication to enable clients to connect securely to the server. Tokens are easily revoked and are best suited to third-party tooling integration.

Note:

The Oracle Linux Automation Manager Installation Guide document provides instructions for setting up the server with a self-signed certificate, however, Oracle recommends that you use a signed certificate to ensure the server is secure. If you use the self-signed certificate, then append -k to all Oracle Linux Automation Manager REST API curl or CLI requests to indicate that the request is insecure.

To setup an Oauth2 token for a user, do the following:

Open a terminal on the Oracle Linux Automation Manager server.
Run the following commands:
```
sudo su -l awx -s /bin/bash
awx-manage create_oauth2_token --user=<username>
```
In the previous example, <username> is the user name of the account for which you want to create a token.
The command generates a token that you must note down in a secure way so that you can use it when running cURL or CLI commands. For example, the following token is generated using the create_oauth2_token command:
```
JWjb1AyOJOWi4yPBYWC7NQofdNSjAM
```

To revoke all Oauth2 token for a user, do the following:

Open a terminal on the Oracle Linux Automation Manager server.
Run the following commands:
```
sudo su -l awx -s /bin/bash
awx-manage revoke_oauth2_tokens --user=<username>
```
In the previous example, <username> is the user name of the account for which you want to revoke all tokens. The command lists all revoked tokens for the user. For example, the following tokens are revoked when using the revoke_token2_tokens command:
```
revoked OAuth2AccessToken aeOy7IWqlt19Kc8Fu1IElsj2w6rCOz
revoked OAuth2AccessToken JWjb1AyOJOWi4yPBYWC7NQofdNSjAM
```