OAuth 2.0

When OAuth 2.0 authentication is enabled, a server authenticates other servers that try to connect to it by validating the OAuth 2.0 access token presented by the connecting server.

In the scenario depicted in the image above:

  • Because A enabled authorization, B must configure its route to provide an OAuth 2.0 access token when connecting to A.

  • However, because B disabled authorization, A need not identify itself to B, so A does not need to configure its route to provide an OAuth 2.0 access token when connecting to B.

The following table describes all required and optional route configuration parameters relating to obtaining OAuth 2.0 access tokens. These parameters must be specified for any route that connects to an EMS server configured with OAuth 2.0 authentication.

Parameter        Description

oauth2_access_token_file

Specifies the path to a file containing an OAuth 2.0 access token to use for authenticating with the server on the other end of the route.

If an access token is provided using this parameter, the EMS server will not attempt to obtain access tokens from an OAuth 2.0 authorization server even if oauth2_server_url and other relevant route configuration parameters are set.

oauth2_server_url

The HTTP(S) URL of the OAuth 2.0 authorization server that will issue the access token to be used for authenticating with the server on the other end of the route.
oauth2_client_id

The OAuth 2.0 client ID to use when authenticating with the OAuth 2.0 authorization server.

This parameter and oauth2_client_secret are both required in order to obtain access tokens from the authorization server, regardless of the grant type to be used.

oauth2_client_secret

The OAuth 2.0 client secret to use when authenticating with the OAuth 2.0 authorization server.

This parameter and oauth2_client_id are both required in order to obtain access tokens from the authorization server, regardless of the grant type to be used.

oauth2_grant_type

The grant type to use for requesting access tokens from the OAuth 2.0 authorization server.

The type can be:

If the password grant is specified, the server and password parameter values are used as the username and password for the grant.

The default value of this parameter is client_credentials.

oauth2_server_trust_file

Specifies the path to a file containing one or more PEM-encoded public certificates that can be used to validate a secure OAuth 2.0 authorization server's identity.

This parameter is only required if an HTTPS URL was specified for oauth2_server_url.

oauth2_disable_verify_hostname

If set to true, the EMS server will not verify the name in the CN field of the OAuth 2.0 authorization server's certificate.

This parameter is optional and is disabled by default.

oauth2_expected_hostname

The name that the EMS server expects in the CN field of the OAuth 2.0 authorization server's certificate.

This parameter is optional. When it is not set, the expected name is the hostname of the authorization server.

This parameter is not relevant when the oauth2_disable_verify_hostname parameter is set to true.

See Authentication Using OAuth 2.0 for more information about OAuth 2.0 authentication in EMS.