config-oauth-client
Configures the Spotfire Server in the role of an OAuth 2.0 client.
config-oauth-client
[-c value | --configuration=value]
[-b value | --bootstrap-config=value]
[-e <true|false> | --enabled=<true|false>]
[-s | --set-authz-server]
[-r | --remove-authz-server]
[-n value | --authz-server-name=value]
[--authz-server-enabled=<true|false>]
[--authz-server-metadata-url=value]
[--authz-server-client-id=value]
[--authz-server-client-secret=value]
[--authz-server-token-endpoint-auth-method=value]
[--authz-server-revocation-endpoint-auth-method=value]
[--authz-server-clear-resources=<true|false>]
{-Rvalue}
[--authz-server-clear-custom-params=<true|false>]
{-Pkey=value}
[--authz-server-include-resource-in-auth-req=<true|false>]
[--authz-server-include-resource-in-token-req=<true|false>]
[--authz-server-pushed-authorization-request-enabled=<true|false>]
[--authz-server-use-pkce=<true|false>]
Overview
This command configures the Spotfire Server in the role of an OAuth 2.0 client towards one or more OAuth 2.0 Authorization Servers. In this role, the Spotfire Server may use OAuth 2.0 to establish an access token for calling external services (for example, to fetch data). To configure user authentication through OpenID Connect, see the 'config-oidc' command.
Options
Option | Optional or Required | Default Value | Description |
---|---|---|---|
-c, --configuration | Optional | configuration.xml | The path to the server configuration file. |
-b, --bootstrap-config | Optional | | The path to the bootstrap configuration file. See the bootstrap.xml help topic for more information about this file. |
-e, --enabled | Optional | true | Specifies whether the OAuth 2.0 client role should be enabled. |
-s, --set-authz-server | Optional | | Indicates that an Authorization Server configuration should be set (will replace the configuration for any existing Authorization Server with the same name). Cannot be specified together with |
-r, --remove-authz-server | Optional | | Indicates that an Authorization Server configuration should be removed. Cannot be specified together with |
-n, --authz-server-name | Optional, unless either --set-authz-server or --remove-authz-server has been specified. | | The name of the Authorization Server to set or remove. |
--authz-server-enabled | Optional, unless --set-authz-server has been specified. | true | Specifies whether or not the Authorization Server should be enabled. |
--authz-server-metadata-url | Optional, unless --set-authz-server has been specified. | | The URL to the Authorization Server's OAuth 2.0 Authorization Server Metadata (or OpenID Connect Discovery document). |
--authz-server-client-id | Optional, unless --set-authz-server has been specified. | | The client ID given by the Authorization Server during registration. |
--authz-server-client-secret | Optional, unless --set-authz-server has been specified. | | The client secret given by the Authorization Server during registration. |
--authz-server-token-endpoint-auth-method | Optional | One of the algorithms listed as supported in the Metadata is used. | The authentication method to use when communicating with the Authorization Server's Token Endpoint. May be one of the following: 'private_key_jwt' is not supported). |
--authz-server-revocation-endpoint-auth-method | Optional | One of the algorithms listed as supported in the Metadata is used. | The authentication method to use when communicating with the Authorization Server's Revocation Endpoint. Can be one of the following: 'private_key_jwt' is not supported). |
--authz-server-clear-resources | Optional | false | By specifying this flag, the resource indicators are cleared from the Authorization Server configuration. This flag can be used together with the |
-Rvalue | Optional | | A resource indicator (as defined in RFC 8707) that should be included (using the |
--authz-server-clear-custom-params | Optional | false | By specifying this flag, the custom parameters are cleared from the Authorization Server configuration. This flag can be used together with the |
-Pkey=value | Optional | | A custom parameter that is included in the authorization request. Must not be any of the parameters controlled through other settings. This argument is optional and may be specified multiple times with different keys. |
--authz-server-include-resource-in-auth-req | Optional | false | Specifies whether an RFC 8707 resource indicator (when available) should be included as a 'resource' parameter in requests to the Authorization Endpoint. |
--authz-server-include-resource-in-token-req | Optional | false | Specifies whether an RFC 8707 resource indicator (when available) should be included as a 'resource' parameter in requests to the Token Endpoint. |
--authz-server-pushed-authorization-request-enabled | Optional | true | Specifies whether to use RFC 9126 pushed authorization requests (PAR), if they are supported by the Authorization Server. |
--authz-server-use-pkce | Optional | true | Specifies whether PKCE (RFC 7636) should be used (if it is supported by the Authorization Server, according to the Authorization Server Metadata). |
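
Several defaults above (the endpoint authentication methods, PAR and PKCE) depend on what the Authorization Server Metadata advertises. The following check is an added example, not part of the Spotfire documentation or tooling: it inspects a metadata document of the kind `--authz-server-metadata-url` points at and reports what those options have to work with. The sample document, the function names and the choice to look for the S256 challenge method are assumptions; this page does not state how the server itself chooses among advertised methods.

```python
import json

# Constructed sample of an RFC 8414 metadata document (not from a real server).
SAMPLE_METADATA = json.loads("""{
  "issuer": "https://as.example.com",
  "token_endpoint": "https://as.example.com/token",
  "revocation_endpoint": "https://as.example.com/revoke",
  "pushed_authorization_request_endpoint": "https://as.example.com/par",
  "token_endpoint_auth_methods_supported": ["private_key_jwt", "client_secret_post"],
  "code_challenge_methods_supported": ["plain", "S256"]
}""")

# The option descriptions on this page state that 'private_key_jwt' is not supported.
UNSUPPORTED_BY_CLIENT = {"private_key_jwt"}


def usable_auth_methods(meta, key):
    # RFC 8414: when the list is omitted, the default is client_secret_basic.
    advertised = meta.get(key, ["client_secret_basic"])
    return [m for m in advertised if m not in UNSUPPORTED_BY_CLIENT]


def preflight(meta):
    """Summarise what the metadata offers the metadata-dependent options."""
    report = {
        "token_auth_methods": usable_auth_methods(meta, "token_endpoint_auth_methods_supported"),
        "revocation_auth_methods": usable_auth_methods(meta, "revocation_endpoint_auth_methods_supported"),
        # RFC 8414: an omitted list means the server does not support PKCE.
        "pkce_s256": "S256" in meta.get("code_challenge_methods_supported", []),
        # RFC 9126: PAR is available only when this endpoint is advertised.
        "par": "pushed_authorization_request_endpoint" in meta,
        "problems": [],
    }
    for name, value in meta.items():
        if name.endswith("_endpoint") and not str(value).startswith("https://"):
            report["problems"].append(f"{name} is not https: {value}")
    if not report["token_auth_methods"]:
        report["problems"].append("no usable token endpoint auth method advertised")
    if not report["pkce_s256"]:
        report["problems"].append("S256 PKCE is not advertised")
    return report


if __name__ == "__main__":
    print(json.dumps(preflight(SAMPLE_METADATA), indent=2))
```

An empty `problems` list means the metadata advertises at least one usable Token Endpoint authentication method, S256 PKCE, and only https endpoints.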