Rest API to create OAUTH2 Provider service for a realm

This topic has 9 replies, 4 voices, and was last updated 5 years, 1 month ago by Peter Major.

  • #8991
     akradhak
    Participant

    We want to create an OAUTH2 Provider Service for a realm. We were able to create it via ssoadm, but are not finding any API to create the OAUTH2 Provider service after the realm creation. I tried creating the realm with the service option:

    curl \
    --request POST \
    --header "iplanetDirectoryPro: AQIC5w…2NzEz*" \
    --header "Content-Type: application/json" \
    --data '{ "realm": "myRealm" }' \
    https://openam.example.com:8443/openam/json/realms/?_action=create
    {"realmCreated":"/myRealm", "serviceNames":["iPlanetAMAuthOATHService"]}

    But the OAuth2 Provider Service is not available if I navigate to realm > Services.

    Is there a way to create a service “OAUTH2” using the REST API? Thanks in advance.

    #8992
     Scott Heger
    Participant

    The correct endpoint would be /openam/frrest/oauth2/client/?_action=create

    See https://bugster.forgerock.org/jira/browse/OPENAM-5385 for an example on usage.

    • This reply was modified 6 years, 3 months ago by Scott Heger.
    #8994
     Scott Heger
    Participant

    Oh, sorry, disregard. I thought you were asking how to create an oauth client within your realm.

    #8995
     Scott Heger
    Participant

    I don’t believe you can add services to a realm via REST yet.

    #9179
     Peter Major
    Moderator

    Theoretically 13.5.0 will have this endpoint, but not sure if it is going to be officially supported just yet.

    #9981
     akradhak
    Participant

    Thanks Peter. We are waiting eagerly for this endpoint.

    #17533
     bryantidd
    Participant

    What is the status of this? It is very difficult to automate the setup and configuration of OpenAM currently. You can get all the way to adding services to realms, then have to go to UI, add OAuth2 Provider, then can finish via automation…

    Self-Documenting would help us too…

    #17536
     Peter Major
    Moderator

    With 13.5.0 you can use ssoadm to automate the configuration changes.

    If you capture the network traffic in XUI when you create the OAuth2 provider you should be able to see the REST call that creates the OAuth2 provider service configuration.

    #17553
     bryantidd
    Participant

    So 13.5 does it differently from 13.0? Because in looking at 13.0 traffic, it goes through a mess of JATO bean views that make it almost impossible to automate.

    Since we use 13.0 and not 13.5, and we would have to certify our applications that interact with OpenAM (which takes a long time…) What is the best way forward? I know that ssoadm can add the provider, but I need to be able to do it remotely via an api, so should I hack my own REST api that calls ssoadm or what?

    I understand that much of the codebase to date (of 13.0 ) has a long legacy and therefore high tech debt ratio…is that changed drastically in 13.5 or 5? If so, that may make testing a migration to either time consuming, but may be worth it if we get away from sudo REST and JATO, etc.

    Thanks!

    #17555
     Peter Major
    Moderator

    Take the non-lazy approach and create the OAuth2 provider service manually – or create the config using the wizard and then try to update the configuration and then capture the full JSON sent to the relevant CREST endpoint. You should be able to use that JSON with a ?_action=create request to create your service later on.
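
The capture-and-replay approach from the replies above, as an added example (not code from any poster or from ForgeRock): it pulls the JSON write request out of a browser HAR export of the XUI session and builds the matching ?_action=create request. The service path in the sample is a placeholder, OPENAM_TOKEN is an assumed environment variable, and dropping _rev is an assumption to check against your own capture.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit, urlunsplit

# Constructed HAR excerpt; PLACEHOLDER-service-path is not a real OpenAM path.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"method": "GET", "headers": [],
                 "url": "https://openam.example.com:8443/openam/XUI/index.html"}},
    {"request": {"method": "PUT",
                 "url": "https://openam.example.com:8443/openam/json/PLACEHOLDER-service-path?x=1",
                 "headers": [{"name": "iplanetDirectoryPro", "value": "captured-token"}],
                 "postData": {"mimeType": "application/json",
                              "text": '{"_rev": "12345", "exampleSetting": true}'}}},
]}}


def captured_config_requests(har):
    """Return (url, body) for each JSON object written to a /json/ endpoint."""
    found = []
    for entry in har["log"]["entries"]:
        req = entry["request"]
        text = req.get("postData", {}).get("text")
        if req["method"] not in ("PUT", "POST") or "/json/" not in req["url"] or not text:
            continue
        try:
            body = json.loads(text)
        except ValueError:
            continue  # body was not JSON
        if isinstance(body, dict):
            found.append((req["url"], body))
    return found


def build_create_request(url, body, token):
    """Build (without sending) the ?_action=create POST for a captured body."""
    parts = urlsplit(url)
    create_url = urlunsplit((parts.scheme, parts.netloc, parts.path, "_action=create", ""))
    # Assumption: _rev belongs to the existing object, so it is dropped on create.
    payload = {k: v for k, v in body.items() if k != "_rev"}
    # The HAR holds a live session token; send a fresh one, never the captured value.
    headers = {"iplanetDirectoryPro": token, "Content-Type": "application/json"}
    return urllib.request.Request(create_url, data=json.dumps(payload).encode(),
                                  headers=headers, method="POST")


if __name__ == "__main__":
    url, body = captured_config_requests(SAMPLE_HAR)[0]
    req = build_create_request(url, body, os.environ.get("OPENAM_TOKEN", ""))
    print(req.get_method(), req.full_url, req.data.decode())
```

A HAR export contains the administrator's session token in its request headers, so treat the file as a credential and delete it once the JSON body has been extracted.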
