Spotfire® Server and Environment - Installation and Administration

config-oauth-client

Configures the Spotfire Server in the role of an OAuth 2.0 client.

config-oauth-client 
[-c value | --configuration=value] 
[-b value | --bootstrap-config=value] 
[-e <true|false> | --enabled=<true|false>] 
[-s | --set-authz-server] 
[-r | --remove-authz-server] 
[-n value | --authz-server-name=value] 
[--authz-server-enabled=<true|false>] 
[--authz-server-metadata-url=value] 
[--authz-server-client-id=value] 
[--authz-server-client-secret=value] 
[--authz-server-token-endpoint-auth-method=value] 
[--authz-server-revocation-endpoint-auth-method=value] 
[--authz-server-clear-resources=<true|false>] 
{-Rvalue} 
[--authz-server-clear-custom-params=<true|false>] 
{-Pkey=value} 
[--authz-server-include-resource-in-auth-req=<true|false>] 
[--authz-server-include-resource-in-token-req=<true|false>]
[--authz-server-pushed-authorization-request-enabled=<true|false>]
[--authz-server-use-pkce=<true|false>]

Overview

This command configures the Spotfire Server in the role of an OAuth 2.0 client towards one or more OAuth 2.0 Authorization Servers. In this role, the Spotfire Server may use OAuth 2.0 to establish an access token for calling external services (for example, to fetch data). To configure user authentication through OpenID Connect, see the 'config-oidc' command.

Options

Option Optional or Required Default Value Description
-c value
--configuration=value
Optional. Default value: configuration.xml

The path to the server configuration file.

-b value
--bootstrap-config=value
Optional

The path to the bootstrap configuration file. See the bootstrap.xml help topic for more information about this file.

-e <true|false>
--enabled=<true|false>
Optional. Default value: true

Specifies whether the OAuth 2.0 client role should be enabled.

-s
--set-authz-server
Optional

Indicates that an Authorization Server configuration should be set (will replace the configuration for any existing Authorization Server with the same name). Cannot be specified together with --remove-authz-server.

-r
--remove-authz-server
Optional

Indicates that an Authorization Server configuration should be removed. Cannot be specified together with --set-authz-server.

-n value
--authz-server-name=value
Optional, unless either --set-authz-server or --remove-authz-server has been specified.

The name of the Authorization Server to set or remove.

--authz-server-enabled=<true|false>
Optional, unless --set-authz-server has been specified. Default value: true

Specifies whether or not the Authorization Server should be enabled.

--authz-server-metadata-url=value
Optional, unless --set-authz-server has been specified.

The URL to the Authorization Server's OAuth 2.0 Authorization Server Metadata (or OpenID Connect Discovery document).

--authz-server-client-id=value
Optional, unless --set-authz-server has been specified.

The client ID given by the Authorization Server during registration.

--authz-server-client-secret=value
Optional, unless --set-authz-server has been specified.

The client secret given by the Authorization Server during registration.

--authz-server-token-endpoint-auth-method=value
Optional. Default value: One of the algorithms listed as supported in the Metadata is used.

The authentication method to use when communicating with the Authorization Server's Token Endpoint.

May be one of the following:
  • 'client_secret_basic'
  • 'client_secret_post'
  • 'client_secret_jwt'
('private_key_jwt' is not supported).

--authz-server-revocation-endpoint-auth-method=value
Optional. Default value: One of the algorithms listed as supported in the Metadata is used.

The authentication method to use when communicating with the Authorization Server's Revocation Endpoint. Can be one of the following:
  • 'client_secret_basic'
  • 'client_secret_post'
  • 'client_secret_jwt'
('private_key_jwt' is not supported).
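What each of the three supported methods places in the outgoing request, as an added Python example (not Spotfire code). The HS256 algorithm and 60-second lifetime for 'client_secret_jwt', and the client ID, secret and endpoint values, are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, time, uuid
from urllib.parse import quote_plus

ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def client_auth(method, client_id, secret, endpoint, now=None):
    """Return (headers, form) carrying the client credentials for `method`."""
    if method == "client_secret_basic":
        # RFC 6749 2.3.1: form-urlencode id and secret, then Base64 "id:secret".
        pair = f"{quote_plus(client_id)}:{quote_plus(secret)}".encode()
        return {"Authorization": "Basic " + base64.b64encode(pair).decode()}, {}
    if method == "client_secret_post":
        # The secret travels as an ordinary form field in the request body.
        return {}, {"client_id": client_id, "client_secret": secret}
    if method == "client_secret_jwt":
        # Short-lived JWT, HMAC-signed with the secret (HS256 assumed here).
        now = int(time.time()) if now is None else now
        parts = ({"alg": "HS256", "typ": "JWT"},
                 {"iss": client_id, "sub": client_id, "aud": endpoint,
                  "jti": uuid.uuid4().hex, "iat": now, "exp": now + 60})
        signing_input = ".".join(
            b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
        mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256)
        return {}, {"client_assertion_type": ASSERTION_TYPE,
                    "client_assertion": f"{signing_input}.{b64url(mac.digest())}"}
    raise ValueError(f"unsupported auth method: {method}")  # e.g. private_key_jwt

def secret_is_transmitted(headers, form, secret):
    """True if the secret itself is recoverable from the outgoing request."""
    if form.get("client_secret") == secret:
        return True
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        decoded = base64.b64decode(auth[6:]).decode()
        return decoded.split(":", 1)[1] == quote_plus(secret)
    return False

def verify_assertion(assertion, secret):
    """Authorization-server side: recompute the HMAC in constant time."""
    signing_input, _, sig = assertion.rpartition(".")
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256)
    return hmac.compare_digest(b64url(mac.digest()), sig)

# Constructed sample values, not real credentials or endpoints.
CLIENT_ID, SECRET = "spotfire-client", "constructed/secret+value"
ENDPOINT = "https://as.example.com/oauth2/token"
```

With 'client_secret_basic' and 'client_secret_post' the secret itself crosses the wire on every request and depends entirely on TLS; with 'client_secret_jwt' only a short-lived MAC over the claims is sent.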

--authz-server-clear-resources=<true|false>
Optional. Default value: false

By specifying this flag, the resource indicators are cleared from the Authorization Server configuration. This flag can be used together with the -R flag to remove all old resource indicators before adding the new ones.

-Rvalue
Optional

A resource indicator (as defined in RFC 8707) that should be included (using the 'request' parameter) in authorization requests. This argument is optional and can be specified multiple times with different values.

--authz-server-clear-custom-params=<true|false>
Optional. Default value: false

By specifying this flag, the custom parameters are cleared from the Authorization Server configuration. This flag can be used together with the -P flag to remove all old custom parameters before adding the new ones.

-Pkey=value
Optional

A custom parameter that is included in the authorization request. Must not be any of the parameters controlled through other settings. This argument is optional and may be specified multiple times with different keys.

--authz-server-include-resource-in-auth-req=<true|false>
Optional. Default value: false

Specifies whether an RFC 8707 resource indicator (when available) should be included as a 'resource' parameter in requests to the Authorization Endpoint.

--authz-server-include-resource-in-token-req=<true|false>
Optional. Default value: false

Specifies whether an RFC 8707 resource indicator (when available) should be included as a 'resource' parameter in requests to the Token Endpoint.

--authz-server-pushed-authorization-request-enabled=<true|false>
Optional. Default value: true

Specifies whether to use RFC 9126 pushed authorization requests (PAR), if they are supported by the Authorization Server.

--authz-server-use-pkce=<true|false>
Optional. Default value: true

Specifies whether PKCE (RFC 7636) should be used (if it is supported by the Authorization Server, according to the Authorization Server Metadata).
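Several options above take effect only when the Authorization Server Metadata advertises the matching capability. The following added Python example (not part of Spotfire) compares intended settings with a metadata document before the command is run; the function names and the sample metadata are assumptions constructed for illustration, while the metadata field names come from RFC 8414 and RFC 9126.

```python
CLIENT_METHODS = ("client_secret_basic", "client_secret_post", "client_secret_jwt")

def usable_methods(metadata, field):
    # RFC 8414: an omitted *_auth_methods_supported field means client_secret_basic.
    advertised = metadata.get(field, ["client_secret_basic"])
    return [m for m in advertised if m in CLIENT_METHODS]

def preflight(metadata, token_auth_method=None, use_pkce=True, par_enabled=True):
    """Compare intended config-oauth-client settings with AS metadata; return findings."""
    findings = []
    token_methods = usable_methods(metadata, "token_endpoint_auth_methods_supported")
    if not token_methods:
        findings.append("token endpoint advertises no method this client supports")
    elif token_auth_method and token_auth_method not in token_methods:
        findings.append(f"{token_auth_method} not advertised; usable: {token_methods}")
    if "revocation_endpoint" in metadata and not usable_methods(
            metadata, "revocation_endpoint_auth_methods_supported"):
        findings.append("revocation endpoint advertises no method this client supports")
    # RFC 8414: no code_challenge_methods_supported means no PKCE support.
    pkce = metadata.get("code_challenge_methods_supported", [])
    if use_pkce and "S256" not in pkce:
        findings.append(f"PKCE requested but S256 not advertised (advertised: {pkce})")
    has_par = "pushed_authorization_request_endpoint" in metadata  # RFC 9126
    if par_enabled and not has_par:
        findings.append("PAR enabled but no PAR endpoint advertised; PAR will not be used")
    if metadata.get("require_pushed_authorization_requests") and not par_enabled:
        findings.append("server requires PAR but PAR is disabled in the client settings")
    return findings

# Constructed metadata documents (illustrative values only).
GOOD = {
    "issuer": "https://as.example.com",
    "token_endpoint": "https://as.example.com/oauth2/token",
    "revocation_endpoint": "https://as.example.com/oauth2/revoke",
    "token_endpoint_auth_methods_supported":
        ["client_secret_basic", "client_secret_jwt", "private_key_jwt"],
    "code_challenge_methods_supported": ["S256"],
    "pushed_authorization_request_endpoint": "https://as.example.com/oauth2/par",
}
WEAK = {
    "issuer": "https://legacy.example.com",
    "token_endpoint": "https://legacy.example.com/token",
    "token_endpoint_auth_methods_supported": ["private_key_jwt"],
    "code_challenge_methods_supported": ["plain"],
    "pushed_authorization_request_endpoint": "https://legacy.example.com/par",
    "require_pushed_authorization_requests": True,
}
```

The keyword defaults mirror the documented defaults of --authz-server-use-pkce and --authz-server-pushed-authorization-request-enabled (both true).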