OAuth 2.0
When using oauth2 authentication, a server will authenticate other servers trying to connect to it by validating the OAuth 2.0 access token presented by the connecting servers.
In the scenario depicted in the image above:
- Because A enabled authorization, B must configure its route to provide an OAuth 2.0 access token when connecting to A.
- However, because B disabled authorization, A need not identify itself to B. A does not need to configure its route to provide an OAuth 2.0 access token when connecting to B.
The following table describes all required and optional route configuration parameters relating to the procurement of OAuth 2.0 access tokens. These parameters will need to be specified for any route that is connecting to an EMS server configured with OAuth 2.0 authentication.
Parameter | Description |
---|---|
oauth2_access_token_file | Specifies the path to a file containing an OAuth 2.0 access token to use for authenticating with the server on the other end of the route. If an access token is provided using this parameter, the EMS server will not attempt to obtain access tokens from an OAuth 2.0 authorization server even if |
oauth2_server_url | The HTTP(S) URL of the OAuth 2.0 authorization server that will issue the access token to be used for authenticating with the server on the other end of the route. |
oauth2_client_id | The OAuth 2.0 client ID to use when authenticating with the OAuth 2.0 authorization server. This parameter and |
oauth2_client_secret | The OAuth 2.0 client secret to use when authenticating with the OAuth 2.0 authorization server. This parameter and |
oauth2_grant_type | The grant type to use for requesting access tokens from the OAuth 2.0 authorization server. The type can be: If the The default value of this parameter is |
oauth2_server_trust_file | Specifies the path to a file containing one or more PEM-encoded public certificates that can be used to validate a secure OAuth 2.0 authorization server's identity. This parameter is only required if an HTTPS URL was specified for |
oauth2_disable_verify_hostname | If set, the EMS server will not verify the name in the CN field of the OAuth 2.0 authorization server’s certificate. This parameter is optional and is disabled by default. |
oauth2_expected_hostname | The name that the EMS server expects in the CN field of the OAuth 2.0 authorization server's certificate. This parameter is optional. When it is not set, the expected name is the hostname of the authorization server. This parameter is not relevant when the |
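
The following added example (not part of the product documentation) audits the OAuth 2.0 parameters from the table above for each route and reports settings that weaken authentication to the authorization server. The `[route]` / `key = value` file layout, the sample host names and paths, the `enabled`/`disabled` value syntax, and the reading that the HTTPS URL in question is `oauth2_server_url` are assumptions.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample; the "[route]" + "key = value" layout is an assumed file format.
SAMPLE_ROUTES = """
[A]
url = tcp://ems-a.example.internal:7222
oauth2_server_url = http://idp.example.internal/token
oauth2_client_id = ems-b
oauth2_client_secret = placeholder-secret

[C]
url = tcp://ems-c.example.internal:7222
oauth2_server_url = https://idp.example.internal/token
oauth2_client_id = ems-b
oauth2_client_secret = placeholder-secret
oauth2_disable_verify_hostname = enabled

[D]
url = tcp://ems-d.example.internal:7222
oauth2_server_url = https://idp.example.internal/token
oauth2_client_id = ems-b
oauth2_client_secret = placeholder-secret
oauth2_server_trust_file = /placeholder/idp-ca.pem
"""

def audit_routes(text):
    """Return {route_name: [finding, ...]} for the OAuth 2.0 route parameters."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    report = {}
    for name in cfg.sections():
        route, findings = cfg[name], []
        scheme = urlsplit(route.get("oauth2_server_url", "")).scheme.lower()
        if route.get("oauth2_access_token_file"):
            # Per the table: with a token file, no token is requested from the authorization server.
            findings.append("static-token-file")
        elif scheme == "http":
            # Client secret and issued token would cross the network unencrypted.
            findings.append("cleartext-token-endpoint")
        elif scheme == "https" and not route.get("oauth2_server_trust_file"):
            findings.append("missing-trust-file")
        # Assumed value syntax: any value other than disabled/false counts as set.
        flag = route.get("oauth2_disable_verify_hostname", "disabled").strip().lower()
        if flag not in ("disabled", "false", ""):
            findings.append("hostname-verification-off")
        report[name] = findings
    return report
```

Calling `audit_routes(SAMPLE_ROUTES)` returns a mapping from route name to findings; an empty list means none of the checks fired for that route.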
See Authentication Using OAuth 2.0 for more information about OAuth 2.0 authentication in EMS.