Altair® Panopticon

 

OAuth 2.0

This section discusses how to configure Panopticon Streams to use OAuth 2.0 for authorization. Upon a logon request, Panopticon Streams redirects the user to the login page provided by the OAuth 2.0 provider.

Note that OAuth 2.0 does not normally define how the user is authenticated, so Panopticon Streams will only know whether the user is authorized or not. To authenticate the user, Panopticon Streams can be configured to use a REST service to extract the user identity with an access token retrieved from the OAuth 2.0 provider. In addition to the standard OAuth 2.0 configurations, the server includes properties (i.e., authentication.oauth2.*) that are specifically used to extract the user details.

authentication.type=OAUTH2

 

| Property | Description |
| --- | --- |
| authentication.oauth2.client.id | The ID of the OAuth 2.0 client. |
| authentication.oauth2.client.secret | The secret used by the OAuth 2.0 client. |
| authentication.oauth2.identity.attribute.username | The attribute that will be extracted from the identity response and used as the username. |
| authentication.oauth2.identity.url | The URL to the REST service that provides details about the authenticated user. |
| authentication.oauth2.login.callback.url | The callback URL. The URL should be the same as one of the specified callback URLs used by the client. The URL should refer to Panopticon Streams. |
| authentication.oauth2.login.response.type | The response type. The only response type that is currently supported is CODE. The value can also be left blank. |
| authentication.oauth2.login.scope | The requested scope. The field can be left blank. |
| authentication.oauth2.login.state | The requested state. The field can be left blank. |
| authentication.oauth2.login.url | The URL to the OAuth 2.0 login resource. |
| authentication.oauth2.logout.url | The URL to the OAuth 2.0 logout resource. This field can be left blank. |
| authentication.oauth2.token.method | The method on how the token should be retrieved. Supported values are QUERY, BODY, and HEADER. |
| authentication.oauth2.token.url | The URL to the OAuth 2.0 token resource. |

 

Example

authentication.oauth2.client.id=ClientId

authentication.oauth2.client.secret=ClientSecret

authentication.oauth2.identity.attribute.username=name

authentication.oauth2.identity.url=https://oauth2/me

authentication.oauth2.login.callback.url=http://localhost:8080/panopticon/server/rest/auth/login

authentication.oauth2.login.response.type=CODE

authentication.oauth2.login.scope=

authentication.oauth2.login.state=

authentication.oauth2.login.url=https://oauth2/authorize

authentication.oauth2.logout.url=

authentication.oauth2.token.method=QUERY

authentication.oauth2.token.url=https://oauth2/access_token

authentication.type=OAUTH2
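
The constraints in the property table can be checked before the server is started. The following is an added example, not Altair code: the function names are hypothetical, it assumes that any property the table does not mark as "can be left blank" is required, and the HTTPS check is a general hardening rule that the page does not state.

```python
from urllib.parse import urlparse

PREFIX = "authentication.oauth2."
# Assumption: properties the table does not mark "can be left blank" are required.
REQUIRED = ["client.id", "client.secret", "identity.attribute.username",
            "identity.url", "login.callback.url", "login.url",
            "token.method", "token.url"]
TOKEN_METHODS = {"QUERY", "BODY", "HEADER"}  # supported values per the table
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def parse_properties(text):
    """Parse key=value lines; blank lines and '#'/'!' comments are skipped."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and line.strip()[0] not in "#!")
    return {key.strip(): value.strip() for key, value in pairs}

def check_oauth2_config(props):
    """Return a list of findings; an empty list means no check failed."""
    findings = []
    if props.get("authentication.type") != "OAUTH2":
        findings.append("authentication.type is not OAUTH2")
    for name in REQUIRED:
        if not props.get(PREFIX + name):
            findings.append(f"{PREFIX}{name} is missing or blank")
    rtype = props.get(PREFIX + "login.response.type", "")
    if rtype not in ("", "CODE"):
        findings.append(f"unsupported response type: {rtype}")
    method = props.get(PREFIX + "token.method", "")
    if method and method not in TOKEN_METHODS:
        findings.append(f"unsupported token method: {method}")
    # Added hardening check (not from the page): HTTPS except for loopback hosts.
    for key, value in props.items():
        if key.startswith(PREFIX) and key.endswith(".url") and value:
            url = urlparse(value)
            if url.scheme != "https" and url.hostname not in LOCAL_HOSTS:
                findings.append(f"{key} is not HTTPS: {value}")
    return findings

# Constructed fragment (not from the page) with deliberate mistakes.
SAMPLE = """\
authentication.type=OAUTH2
authentication.oauth2.login.response.type=TOKEN
authentication.oauth2.token.method=COOKIE
authentication.oauth2.token.url=http://idp.example/access_token
"""

if __name__ == "__main__":
    print("\n".join(check_oauth2_config(parse_properties(SAMPLE))))
```

The example configuration shown above produces no findings, because its only plain-HTTP URL is the localhost callback.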