2.2 Registering an OAuth Client Application

Access Manager issues tokens to confidential clients. To get the token, you must register the OAuth client application with Access Manager Identity Server (authorization server).

2.2.1 Requirements

Before you register, ensure that the following requirements are met:

  • A valid account is created in the Access Manager Identity Server (authorization server).

  • The account is enabled with the OAuth developer role.

  • (Conditional) If you require Identity Server to issue the refresh token, you must inform the Access Manager administrator to enable the Refresh Token option in the OAuth global settings.

    If the administrator has not enabled the Refresh Token option in OAuth Global Settings, Identity Server does not issue the refresh token even when you register the application using the token type as a refresh token.

    NOTE: Refresh tokens are issued for the authorization code flow and the resource owner flow.

  • The credentials to access the user portal of Access Manager.

    To get the credentials, check with the Access Manager administrator. Also, get the URL and port of the Access Manager Identity Server to log in to the user portal.

    The following URL is a sample URL that you will get from the administrator:

    https://<IDPServer>:<port>

    In addition, you must have one of the following roles:

    • NAM_OAUTH2_DEVELOPER: This allows the user to view and modify the client registration details of the applications that the user has registered on the portal.

    • NAM_OAUTH2_ADMIN: This allows the user to view and modify the client registration details of all the client applications that are registered with Access Manager.

  • The client application redirection URIs, where Identity Server can send the tokens.

    NOTE: The urn:ietf:wg:oauth:2.0:oob redirect URI is supported only for the authorization code flow.

To get the endpoint details of Identity Server, see OAuth Metadata Endpoint.

2.2.2 Registering an OAuth Client Application

You can register the client application by using any one of the following options:

  • Register the client application using the Access Manager user portal.

    1. Log in to the Access Manager user portal.

      Sample URL: https://<IDPServer>:<port>/nidp/portal

    2. Navigate to User > Administer OAuth Apps > Register New Client.

    3. Specify the client configuration details.

      For more information about each field, see the context-sensitive help.

      NOTE: Select Grants Required based on the OAuth flow that you decided on in the first step, Selecting the Authorization Grant Type.

    4. For refresh tokens, select Refresh Token in Token Types.

  • Register using the REST API.

    Send an API request to the registration endpoint (https://<Identity Server URL: Port Number>/nidp/oauth/nam/clients) and include the following required OAuth parameters:

    • client_name: Name of the application

    • redirect_uris: Redirection URI values

      The value, urn:ietf:wg:oauth:2.0:oob is supported only for the authorization code flow.

    • grant_types: The grant types for the OAuth flow that you decided on.

    For information about sending a request to the registration endpoint, see Registration Endpoint.
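    The following Python script is an added example (not part of this documentation or of Access Manager) that assembles the REST registration request from the three required parameters and checks them against the rules stated above before anything is sent: the oob redirect URI is accepted only with the authorization code grant, and a refresh token is only useful with the authorization code or resource owner flow. The host, port, bearer-token authentication, JSON body and the RFC 6749 grant-type names are assumptions; confirm the wire format in Registration Endpoint.

```python
import json
from urllib.parse import urlsplit

# Constructed placeholders: the real host, port and credentials come from the
# Access Manager administrator (see Requirements above).
IDP_BASE = "https://idp.example.com:8443"        # stands in for https://<IDPServer>:<port>
REGISTRATION_PATH = "/nidp/oauth/nam/clients"   # registration endpoint path from this page
OOB_URI = "urn:ietf:wg:oauth:2.0:oob"
# Assumption: grant_types uses the RFC 6749 names (the page only says to pick the
# grant types matching your flow); refresh tokens are issued only for the
# authorization code and resource owner (password) flows.
REFRESH_CAPABLE_GRANTS = {"authorization_code", "password"}


def validate_registration(client_name, redirect_uris, grant_types, want_refresh_token=False):
    """Return the list of problems found (empty when the parameters are consistent)."""
    problems = []
    if not client_name.strip():
        problems.append("client_name must not be empty")
    if not redirect_uris:
        problems.append("redirect_uris must contain at least one value")
    for uri in redirect_uris:
        if uri == OOB_URI:
            # The oob URI is supported only for the authorization code flow.
            if "authorization_code" not in grant_types:
                problems.append(f"{OOB_URI} is only valid with the authorization_code grant")
        elif urlsplit(uri).scheme == "http":
            # Identity Server sends tokens to this URI, so cleartext http is a misconfiguration.
            problems.append(f"redirect_uri {uri!r} uses cleartext http")
    if want_refresh_token and not REFRESH_CAPABLE_GRANTS & set(grant_types):
        problems.append("refresh token requested but no authorization_code or password grant selected")
    return problems


def build_registration_request(client_name, redirect_uris, grant_types,
                               want_refresh_token=False, bearer_token="<developer-access-token>"):
    """Build the registration request as a dict; raise ValueError on inconsistent input."""
    problems = validate_registration(client_name, redirect_uris, grant_types, want_refresh_token)
    if problems:
        raise ValueError("; ".join(problems))
    body = {"client_name": client_name, "redirect_uris": list(redirect_uris),
            "grant_types": list(grant_types)}
    # Assumption: the developer authenticates with a bearer token and the body is JSON;
    # confirm the exact wire format in the Registration Endpoint documentation.
    return {"method": "POST", "url": IDP_BASE + REGISTRATION_PATH,
            "headers": {"Authorization": f"Bearer {bearer_token}",
                        "Content-Type": "application/json"},
            "body": json.dumps(body)}
```

    Call build_registration_request with your own client_name, redirect_uris and grant_types and hand the returned dict to your HTTP client of choice; the returned client ID and secret then belong in a secrets store, not in source control.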

After the registration is successful, you will receive the client ID and the client secret. Using these, you can initiate the OAuth flow.