7 OAuth Services WLST Commands

This chapter provides descriptions of custom WebLogic Scripting Tool (WLST) commands for Oracle Access Management OAuth Services, including command syntax, arguments and examples.

The following section lists the OAuth Services WLST commands and contains links to the command reference details.

OAuth Services Commands

OAuth Services Commands

Use the WLST commands listed in Table 7-1 to manage Oracle Access Management OAuth Services configuration objects.

Table 7-1 WLST Mobile and Social Commands for OAuth Services

Use this command...	To...	Use with WLST...
OAuth Identity Domain Commands
removeOAuthIdentityDomain	Removes the specified OAuth Identity Domain.	Online
createOAuthIdentityDomain	Creates a new OAuth Identity Domain.	Online
updateOAuthIdentityDomain	Updates an OAuth Identity Domain.	Online
updateOAuthIdentityDomainParam	Updates and allows individual attributes to be modified.	Online
OAuth System Configuration Commands
updateOAuthSystemConfig	Updates the OAuth System Configuration Defaults for the Identity Domain.	Online
OAuth System Component Commands
removeOAuthSysComponent	Removes the specified OAuth System Component.	Online
createOAuthSysComponent	Creates the specified OAuth System Component.	Online
updateOAuthSysComponent	Updates the specified OAuth System Component.	Online
OAuth Service Provider Commands
removeOAuthServiceProvider	This command will remove an OAuth Service Provider object.	Online
createOAuthServiceProvider	Creates an OAuth Service Provider.	Online
updateOAuthServiceProvider	Updates an OAuth Service Provider.	Online
updateOAuthServiceProviderParam	Updates an OAuth Service Provider parameter.	Online
OAuth Client Commands
removeOAuthClient	Removes an OAuth client object.	Online
createOAuthClient	Creates an OAuth client object.	Online
updateOAuthClient	Updates an OAuth client object.	Online
Service Profile Commands
removeOAuthServiceProfile	Removes a service profile.	Online
createOAuthServiceProfile	Creates a service profile.	Online
updateOAuthServiceProfile	Updates a service profile.	Online
updateOAuthServiceProfileParam	Updates a service profile and allows individual attributes to be modified.	Online
OAuth Adaptive Access Plug-in Commands
removeOAuthAdaptiveAccessPlugin	Removes the specified OAuth Adaptive Access Plug-in.	Online
createOAuthAdaptiveAccessPlugin	Creates the specified OAuth Adaptive Access Plug-in.	Online
updateOAuthAdaptiveAccessPlugin	Updates the specified OAuth Adaptive Access Plug-in.	Online
OAuth Token Attributes Plug-in Commands
removeOAuthTokenAttributesPlugin	Removes the specified OAuth Token Attributes Plug-in.	Online
createOAuthTokenAttributesPlugin	Creates the specified OAuth Token Attributes Plug-in.	Online
updateOAuthTokenAttributesPlugin	Updates the specified OAuth Token Attributes Plug-in.	Online
OAuth ResourceServer Interface Commands
removeOAuthResourceServerInterface	Removes an OAuth Resource Server Interface.	Online
updateOAuthResourceServerInterface	Updates an OAuth Resource Server Interface.	Online
createOAuthResourceServerInterface	Creates an OAuth Resource Server Interface.	Online
OAuth ResourceServer Interface
removeOAuthUserProfileResourceServer	Removes an OAuth User Profile Resource Server Interface.	Online
updateOAuthUserProfileResourceServer	Updates an OAuth User Profile Resource Server Interface.	Online
updateOAuthResourceServerInterfaceParam	Updates an OAuth Resource Server Interface and allows an individual attribute to be modified.	Online
createOAuthUserProfileResourceServer	Creates an OAuth User Profile Resource Server Interface.	Online
OAuth MSM Plug-in Commands
removeOAuthMSMPlugin	Removes the specified OAuth MSM Plugin.	Online
createOAuthMSMPlugin	Creates the specified OAuth MSM Plugin.	Online
updateOAuthMSMPlugin	Updates the specified OAuth MSM Plugin.	Online
updateOAuthMSMPluginParam	Updates an OAuth MSM Plugin.	Online
Get / Display Commands
getOAuthIdentityDomains	Gets all the existing OAuth Identity Domains.	Online
displayOAuthIdentityDomain	Display the specified OAuth Identity Domain.	Online
displayOAuthSystemConfig	Display the specified OAuth system configuration.	Online
getOAuthSysComponents	Gets all the existing OAuth System Components.	Online
displayOAuthSysComponent	Display the specified OAuth System Component.	Online
getOAuthServiceProviders	Gets all the existing OAuth Service Providers.	Online
displayOAuthServiceProvider	Display the specified OAuth Service Provider.	Online
getOAuthClients	Gets all the existing OAuth Clients.	Online
displayOAuthClient	Display the specified OAuth Client.	Online
getOAuthAdaptiveAccessPlugins	Gets all the existing OAuth AdaptiveAccessPlugins.	Online
displayOAuthAdaptiveAccessPlugin	Display the specified OAuth AdaptiveAccessPlugin.	Online
getOAuthAuthzPlugin	Gets all the existing OAuth authorization plug-ins.	Online
displayOAuthAuthzPlugin	Display the specified OAuth authorization plug-ins.	Online
getOAuthTokenAttributesPlugins	Gets all the existing OAuth Token Attributes Plug-ins.	Online
displayOAuthTokenAttributesPlugin	Display the specified OAuth Token Attributes Plug-in.	Online
getOAuthResourceServerInterfaces	Gets all the existing OAuth ResourceServerInterfaces.	Online
displayOAuthResourceServerInterface	Display the specified OAuth ResourceServerInterface.	Online
getOAuthUserProfileResourceServers	Gets all the existing OAuth UserProfile resource server plug-ins.	Online
displayOAuthUserProfileResourceServer	Display the specified OAuth UserProfile resource server plug-in.	Online
getOAuthServiceProfiles	Gets all the existing OAuth Service Profiles.	Online
displayOAuthServiceProfile	Display the specified OAuth Service Profile.	Online

removeOAuthIdentityDomain

removeOAuthIdentityDomain

Description

Removes the specified OAuth Identity Domain.

Syntax

removeOAuthIdentityDomain(name)

where name is the name of the OAuth Identity Domain to be removed.

Example

removeOAuthIdentityDomain('myDomain')

createOAuthIdentityDomain

createOAuthIdentityDomain

Description

Creates a new OAuth Identity Domain.

Syntax

createOAuthIdentityDomain(name, description, allowMultRS, enableMobile, globalUID )

Argument	Definition
`name`	The name of the OAuth Identity Domain.
`description`	A description of the OAuth Identity Domain. [Optional]
`allowMultRS`	Boolean set for allowing multiple resource servers.
`enableMobile`	Boolean set that enables mobile parameters (used by UI console).
`globalUID`	Global unique identifier. [Optional]

Example

createOAuthIdentityDomain('myDomain', 'My Default Identity Domain', 'true', 'true', ' ')

updateOAuthIdentityDomain

updateOAuthIdentityDomain

Description

Updates an OAuth Identity Domain.

Syntax

updateOAuthIdentityDomain(name, newName, description, allowMultRS, enableMobile)

Argument	Definition
`name`	The name of the OAuth Identity Domain.
`newName`	The new name of the OAuth Identity Domain.
`description`	A description of the OAuth Identity Domain. [Optional]
`allowMultRS`	Boolean set for allowing multiple resource servers.
`enableMobile`	Boolean set that enables mobile parameters (used by UI console).

Example

updateOAuthIdentityDomain('myDomain','newDomain','My Default Identity Domain','true','true')

updateOAuthIdentityDomainParam

updateOAuthIdentityDomainParam

Description

Updates and allows individual attributes to be modified.

Syntax

updateOAuthIdentityDomainParam(name, parameter, newvalue)

Argument	Definition
`name`	The name of the OAuth Identity Domain.
`parameter`	The parameter to update: `name \| description \| allowTokenAttrRetrieval \| enableMobile`
`new value`	The new value for the specified parameter.

Example

updateOAuthIdentityDomainParam('myDomain','description','My new Description')

updateOAuthSystemConfig

updateOAuthSystemConfig

Description

Updates the OAuth system configuration defaults for the identity domain.

Syntax

updateOAuthSystemConfig(identityDomainName, proxyProtocol, proxyHost, proxyPort, proxyUser, minPool, maxPool, keepAlive, maxTokenSearchResult, paramList )

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`proxyProtocol`	The default HTTP protocol. Either HTTP or HTTPS. [optional]
`proxyHost`	The default HTTP proxy host. [optional]
`proxyPort`	The default HTTP proxy port. [optional]
`proxyUser`	The default HTTP proxy user. [optional]
`minPool`	The default Apple Push Notification minimum connection pool.
`maxPool`	The default Apple Push Notification maximum connection pool.
`keepAlive`	The default Apple Push Notification keepAlive in seconds.
`maxTokenSearchResult`	The maximum token search result in seconds.
`paramList`	A list of parameters specified in JSON format: `[{name1:value1},{name2:value2}...]`

Example

updateOAuthSystemConfig('myDomain','HTTP','hostname', '4444', 'user', '1', '3', '300','55','[{param1:val1},{param2:val2}]')

removeOAuthSysComponent

removeOAuthSysComponent

Description

Removes the specified OAuth system component.

Syntax

removeOAuthSysComponent(identityDomainName, name )

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth system component.

Example

removeOAuthSysComponent('myDomain','myComponent')

createOAuthSysComponent

createOAuthSysComponent

Description

Creates the specified OAuth system component.

Syntax

createOAuthSysComponent(identityDomainName, name, description, interClass, implClass, paramList)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth system component.
`description`	A description of the OAuth system component. [Optional]
`interClass`	The interface class of the OAuth system component. Authorization and consent plug-ins - `oracle.security.idaas.oauth.consent.AuthorizationUserConsent` Client plug-ins - `oracle.security.idaas.oauth.client.ClientSecurityManager` Resource Server Plug-ins - `oracle.security.idaas.oauth.resourceserver.ResourceServerProfileService`
`implClass`	The implement class of the OAuth system component.
`paramList`	A list of parameters specified in JSON format: `[{name1:value1},{name2:value2}...]`

Example

createOAuthSysComponent('myDomain','DefaultUserConsentService','Default User Consent Service','oracle.security.idaas.oauth.consent.AuthorizationUserConsent','oracle.security.idaas.oauth.consent.impl.LDAPAuthorizationUserConsentImpl','[{uc.ldap.username.attr:uid},{uc.ldap.consent.attr:postaladdress},{uc.ldap.userprofile.service:"/UserProfile"}]')

updateOAuthSysComponent

updateOAuthSysComponent

Description

Updates the specified OAuth System Component.

Syntax

updateOAuthSysComponent(identityDomainName, name, description, interClass, implClass, paramList)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth system component.
`description`	A description of the OAuth system component. [Optional]
`interClass`	The interface class of the OAuth system component. Authorization and consent plug-ins - `oracle.security.idaas.oauth.consent.AuthorizationUserConsent` Client plug-ins - `oracle.security.idaas.oauth.client.ClientSecurityManager` Resource Server Plug-ins - `oracle.security.idaas.oauth.resourceserver.ResourceServerProfileService`
`implClass`	The implement class of the OAuth system component.
`paramList`	A list of parameters specified in JSON format: `[{name1:value1},{name2:value2}...]`

Example

updateOAuthSysComponent('myDomain','DefaultUserConsentService','Default User Consent Service','oracle.security.idaas.oauth.consent.AuthorizationUserConsent','oracle.security.idaas.oauth.consent.impl.LDAPAuthorizationUserConsentImpl','[{uc.ldap.username.attr:uid},{uc.ldap.consent.attr:postaladdress},{uc.ldap.userprofile.service:"/UserProfile"}]')

removeOAuthServiceProvider

removeOAuthServiceProvider

Description

Removes an OAuth service provider object.

Syntax

removeOAuthServiceProvider(identityDomainName, name )

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth service provider.

Example

removeOAuthServiceProvider('myDomain','myProvider')

createOAuthServiceProvider

createOAuthServiceProvider

Description

Creates an OAuth service provider

Syntax

createOAuthServiceProvider(identityDomainName, name, description, implClass, paramList)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth service provider.
`description`	A description of the OAuth service provider. [Optional]
`implClass`	The implement class of the OAuth service provider.
`paramList`	A list of parameters specified in JSON format: `[{name1:value1},{name2:value2}...]`

Example

createOAuthServiceProvider('myDomain','OAuthServiceProvider','OAuth Service Provider','oracle.security.idaas.oauth.token.jwtimpl.OAuthProvider', '[{oam.OAM_VERSION_disabled:OAM_11G},{oam.WEBGATE_ID:accessgate-oic},{oam.ENCRYPTED_PASSWORD:""},{oam.DEBUG_VALUE:0},{oam.TRANSPORT_SECURITY:OPEN},{oam.OAM_SERVER_1:"localhost:5575"},{oam.OAM_SERVER_1_MAX_CONN:4},{oam.OAM_SERVER_2:"oam_server_2:5575"},{oam.OAM_SERVER_2_MAX_CONN:4},{oam.AuthNURLForUID:"wl_authen://sample_ldap_no_pwd_protected_res"}]')

updateOAuthServiceProvider

updateOAuthServiceProvider

Description

Updates an OAuth service provider.

Syntax

updateOAuthServiceProvider(identityDomainName, name, description, implClass, paramList)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth service provider.
`description`	A description of the OAuth service provider. [Optional]
`implClass`	The implement class of the OAuth service provider.
`paramList`	A list of parameters specified in JSON format: `[{name1:value1},{name2:value2}...]`

Example

updateOAuthServiceProvider('myDomain','OAuthServiceProvider','OAuth Service Provider','oracle.security.idaas.oauth.token.jwtimpl.OAuthProvider', '[{oam.OAM_VERSION_disabled:OAM_11G},{oam.WEBGATE_ID:accessgate-oic},{oam.ENCRYPTED_PASSWORD:"welcome"},{oam.DEBUG_VALUE:0},{oam.TRANSPORT_SECURITY:OPEN},{oam.OAM_SERVER_1:"localhost:5575"},{oam.OAM_SERVER_1_MAX_CONN:4},{oam.OAM_SERVER_2:"oam_server_2:5575"},{oam.OAM_SERVER_2_MAX_CONN:4},{oam.AuthNURLForUID:"wl_authen://sample_ldap_no_pwd_protected_res"}]')

updateOAuthServiceProviderParam

updateOAuthServiceProviderParam

Description

Updates a specific parameter with the specified new value.

Syntax

updateOAuthServiceProviderParam(identityDomainName, name, param, newvalue)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth service provider.
`param`	The parameter to update: `name`, `description`, `implClass`, `paramList`, `paramListAdd` (adds the specified parameter leaving existing parameters in place)
`newvalue`	New value for the parameter.

removeOAuthClient

removeOAuthClient

Description

Removes an OAuthClient object.

Syntax

removeOAuthClient(identityDomainName, name )

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth client.

Example

removeOAuthClient('myDomain','myClient')

createOAuthClient

createOAuthClient

Description

Creates an OAuthClient object.

Syntax

createOAuthClient(identityDomainName, name, description, globalUID, secret, allowTokenAttrRetrieval, httpRedirectURIList, paramList, mobileRedirectURIList, mobileParams, claimList, minPool, maxPool, keepAlive, production, gcmAppSetting, scopeRequiresUserConsent, scopeInvokeUserConsent, allowAllScopes, resourceServerScopes, scopes, grantTypes, clientType)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth client.
`description`	A description of the OAuth Client.
`globalUID`	Global unique identifier. [Optional]
`secret`	The secret key.
`allowTokenAttrRetrieval`	Boolean to enable/disable token attribute retrieval.
`httpRedirectList`	The list of one or more redirect URIs specified in JSON format: `[{"uri":partial},{"uri2":partial}...]`
`paramList`	A list of parameters specified in JSON format: `[{name1:value1},{name2:value2}...]`
`mobileRedirectURIList`	List of one or more mobile redirect URIs. [Optional]
`mobileParams`	A list of parameters specified in JSON format: `[{name1:value1},{name2:value2}...]`
`claimList`	A list of claim attributes. [Optional]
`minPool`	The default Apple Push Notification minimum connection pool. [Optional]
`maxPool`	The default Apple Push Notification maximum connection pool. [Optional]
`keepAlive`	The default Apple Push Notification keepAlive in seconds. [Optional]
`production`	A Boolean to set production or development mode. [Optional]
`gcmAppSetting`	Google Restricted Package name. [Optional]
`scopeRequiresUserConsent`	Boolean
`scopeInvokeUserConsent`	Boolean
`allowAllScopes`	Boolean
`resourceServerScopes`	List of resource server scopes. Use this argument to select the resource server scope name prefix, for example `userProfile` would allow a client to access all `userProfile` resource server scopes. [Optional]
`scopes`	List of scopes. Use this argument to select a specific scope name, for example: `userProfile.me.read`. [Optional]
`grantTypes`	[Optional] List of grant types: `authorization_code` `code` `token` `password` `client_credentials` `refresh_token` `oracle-idm:/oauth/grant-type/user-id-assertion`
`clientType`	Type of client: Either `CONFIDENTIAL_CLIENT` or `MOBILE_CLIENT`

Example

createOAuthClient('myDomain','sampleOAuthMobileClient',
'sample client app','1234567890','quiet','true',
'[{"http://localhost:7005:/base_domain/domainRuntime":false}]','[{par1:val1}]',
'','[{mobpar1:mobval1}]',
'oracle:idm:claims:client:geolocation,oracle:idm:claims:client:imei,
oracle:idm:claims:client:jailbroken,oracle:idm:claims:client:locale,
oracle:idm:claims:client:macaddress,oracle:idm:claims:client:networktype,
oracle:idm:claims:client:ostype,oracle:idm:claims:client:osversion,
oracle:idm:claims:client:phonecarriername,oracle:idm:claims:client:phonenumber,
oracle:idm:claims:client:sdkversion,oracle:idm:claims:client:udid,
oracle:idm:claims:client:vpnenabled,oracle:idm:claims:client:fingerprint',
'1','3','300','false','gcm','true','false','true','','',
'authorization_code,client_credentials','MOBILE_CLIENT')

updateOAuthClient

updateOAuthClient

Description

Updates an OAuthClient.

Syntax

updateOAuthClient(identityDomainName, name, description, secret, allowTokenAttrRetrieval, httpRedirectURIList, paramList, mobileRedirectURIList, mobileParams, claimList, minPool, maxPool, keepAlive, production, gcmAppSetting, scopeRequiresUserConsent, scopeInvokeUserConsent, allowAllScopes, resourceServerScopes, scopes, grantTypes, clientType)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth client.
`description`	A description of the OAuth Client.
`secret`	The secret key.
`allowTokenAttrRetrieval`	Boolean to enable/disable token attribute retrieval.
`httpRedirectList`	The list of one or more redirect URIs specified in JSON format: `[{"uri":partial},{"uri2":partial}...]`
`paramList`	A list of parameters specified in JSON format: `[{name1:value1},{name2:value2}...]`
`mobileRedirectURIList`	List of one or more mobile redirect URIs. [Optional]
`mobileParams`	A list of parameters specified in JSON format: `[{name1:value1},{name2:value2}...]`
`claimList`	A list of claim attributes. [Optional]
`minPool`	The default Apple Push Notification minimum connection pool. [Optional]
`maxPool`	The default Apple Push Notification maximum connection pool. [Optional]
`keepAlive`	The default Apple Push Notification keepAlive in seconds. [Optional]
`production`	A Boolean to set production or development mode. [Optional]
`gcmAppSetting`	Google Restricted Package name. [Optional]
`scopeRequiresUserConsent`	Boolean
`scopeInvokeUserConsent`	Boolean
`allowAllScopes`	Boolean
`resourceServerScopes`	List of resource server scopes. [Optional]
`scopes`	List of scopes. [Optional]
`grantTypes`	[Optional] List of grant types: `authorization_code` `code` `token` `password` `client_credentials` `refresh_token` `oracle-idm:/oauth/grant-type/user-id-assertion`
`clientType`	Type of client: Either `CONFIDENTIAL_CLIENT` or `MOBILE_CLIENT` ,`ALL`

Example

updateOAuthClient('myDomain','sampleOAuthMobileClient',
'sample client app','quiet',
'[{"http://localhost:7005:/base_domain/domainRuntime":false}]',
'[{par1:val1}]','','[{mobpar1:mobval1}]','oracle:idm:claims:client:geolocation,
oracle:idm:claims:client:imei,oracle:idm:claims:client:jailbroken,
oracle:idm:claims:client:locale,oracle:idm:claims:client:macaddress,
oracle:idm:claims:client:networktype,oracle:idm:claims:client:ostype,
oracle:idm:claims:client:osversion,oracle:idm:claims:client:phonecarriername,
oracle:idm:claims:client:phonenumber,oracle:idm:claims:client:sdkversion,
oracle:idm:claims:client:udid,oracle:idm:claims:client:vpnenabled,
oracle:idm:claims:client:fingerprint','1','3','300','false','gcm','true','false',
'true','','','authorization_code,client_credentials','MOBILE_CLIENT')

updateOAuthClientParam

updateOAuthClientParam

Description

Updates a specific parameter with the specified new value.

Syntax

updateOAuthClient(identityDomainName, name, param, newvalue)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth client.
`param`	The parameter to update: `[name, description, secret, allowTokenAttrRetrieval, httpRedirectURIList, paramList, paramListAdd` (adds the specified parameter leaving existing parameters in place)`, mobileRedirectURIList]`
`newvalue`	New value for the parameter.

Example

updateOAuthClientParam('myDomain','sampleOAuthMobileClient','secret',
'xpalkdnwe3')

removeOAuthServiceProfile

removeOAuthServiceProfile

Description

Removes a service profile.

Syntax

removeOAuthServiceProfile(identityDomainName, name)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth service profile.

Example

removeOAuthServiceProfile('myDomain','myServiceProfile')

createOAuthServiceProfile

createOAuthServiceProfile

Description

Creates a service profile.

Syntax

createOAuthServiceProfile(identityDomainName, name, description, adAccessPlugin, tokenAttrPlugin, clientPlugin, pluginMode, resourceServerProfilePlugin, authzUserConsentPlugin, allResourceServerInterfaces, resourceServers, allClients, clientAppBindings, preferredHardwareIdList, androidSender, androidSecurityLevel, iosSecurityLevel, otherSecurityLevel, consentServiceProtection, clientRegRequiresUserConsent, serviceProvider, endpoint, serviceEnable, mobilePreAuthzExpire, mobilePreAuthzEnable, authzExpire, authzEnable, clientExpire, clientEnable, clientRefreshExpire, clientRefreshEnable, userExpire, userEnable, userRefreshExpire, userRefreshEnable, accessExpire, accessEnable, accessRefreshExpire, accessRefreshEnable, paramList, mobParamList, userAuthenticator, tokenStatic, tokenDynamic)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth system component.
`description`	A description of the OAuth Service Profile. [Optional]
`adAccessPlugin`	Adaptive Access Plug-in. [Optional]
`tokenAttrPlugin`	Token Attribute Plugin. [Optional]
`clientPlugin`	The name of the client plug-in.
`pluginMode`	Client plug-in mode. Either ALL_LOCAL_STORAGE or ALL_PLUGIN_DELEGATION.
`resourceServerProfilePlugin`	Resource server profile plug-in.
`authzUserConsentPlugin`	Authorization user consent plug-in.
`allResourceServerInterfaces`	Boolean that specifies whether the service profile can contain generic (false) interfaces.
`resourceServers`	List of resource servers.
`allClients`	Boolean that specifies is the service profile applies to all clients.
`clientAppBindings`	[Optional] List of client application bindings specified in JSON format: `[{client:client1,role:SSOAgent,priority:45,param:[{param1:value},{param2:value2}]}]`
`preferredHardwareIdList`	List of Hardware IDs separated by commas.
`androidSender`	GCM sender ID. [Optional]
`androidSecurityLevel`	Android security level: HIGH or MEDIUM or LOW.
`iosSecurityLevel`	iOS security level: HIGH or MEDIUM or LOW.
`otherSecurityLevel`	Other security level: HIGH or MEDIUM or LOW.
`consentServiceProtection`	Service Protection Mode: OAM or JWT_IDS or JWT_OAM.
`clientRegRequiresUserConsent`	Boolean that specifies if client registration requires user consent.
`serviceProvider`	Service provider.
`endpoint`	Service endpoint.
`serviceEnable`	Boolean that enables or disables the service profile. Either true or false.
`mobilePreAuthzExpire`	Mobile pre-authorization code expiration length (in seconds). [Optional]
`mobilePreAuthzEnable`	Boolean that enables or disables the mobile pre-authorization code. [Optional] Either true or false.
`authzExpire`	Authorization code expiration (in seconds). [Optional]
`authzEnable`	Boolean that enables or disables the authorization code. [Optional] Either true or false.
`clientExpire`	Client token authorization code expiration (in seconds). [Optional]
`clientEnable`	Boolean that enables or disables the client token. [Optional] Either true or false.
`clientRefreshExpire`	Client refresh token expiration (in seconds). [Optional]
`clientRefreshEnable`	Boolean that enables or disables the client refresh token. [Optional]
`userExpire`	User token expiration (in seconds). [Optional]
`userEnable`	Boolean that enables or disables the user token. [Optional]
`userRefreshExpire`	User refresh token expiration (in seconds). [Optional]
`userRefreshEnable`	Boolean that enables or disables the user refresh token. [Optional]
`accessExpire`	Access token expiration (in seconds).
`accessEnable`	Boolean access token enable.
`accessRefreshExpire`	Access refresh token expiration (in seconds).
`accessRefreshEnable`	Boolean access refresh Token enable.
`paramList`	A list of parameters specified in JSON format: `[{name1:value1},{name2:value2}...]`
`mobParamList`	A list of mobile client parameters specified in JSON format: `[{name1:value1},{name2:value2}...]`
`userAuthenticator`	User Authenticator. Either IDS or OAM.
`tokenStatic`	[Optional] Static token attribute specified in JSON format: `[{name1:value1},{name2:value2}...]`
`tokenDynamic`	Dynamic token attribute list. [Optional]

Example

createOAuthServiceProfile('myDomain', 'OAuthServiceProfile', 
'OAuth Service Profile','sampleSecurityPlugin','defaultTokenAttrPlugin',
'DefaultClientSecurityManager','ALL_LOCAL_STORAGE',
'DefaultResourceServerProfilePlugin','AuthzUserConsentPlugin',
'false','sampleResourceServerInterface','false',
'[{client:sampleOAuthClient,role:SSOAgent,priority:45,param:[{param1:val1},
{param2:val2}]},{client:sampleOwsmOAuthClient,role:SSOAgent,priority:45,
param:[{param1:val1},{param2:val2}]}]','','GoogleCloudMessaging','HIGH','MEDIUM',
'LOW','OAM','true','OAuthServiceProvider','/oauthserv','true','150','false',
'900','true','28800','true','604800','true','28800','true','0','false','3600',
'true','28800','true','[{oracle.id.name:userrole},{jwt.CryptoScheme:RS512},
{jwt.issuer:www.oracle.example.com}]','[{mobileParamName:mobileParamValue}]',
'OAM','[{attr1:val1}]','attr1,attr2,attr3')

updateOAuthServiceProfile

updateOAuthServiceProfile

Description

Updates a service profile.

Syntax

updateOAuthServiceProfile(identityDomainName, name, description, adAccessPlugin, tokenAttrPlugin, clientPlugin, pluginMode, resourceServerProfilePlugin, authzUserConsentPlugin, allResourceServerInterfaces, resourceServers, allClients, clientAppBindings, preferredHardwareIdList,androidSender, androidSecurityLevel, iosSecurityLevel, otherSecurityLevel, consentServiceProtection, clientRegRequiresUserConsent, serviceProvider, endpoint, serviceEnable, mobilePreAuthzExpire, mobilePreAuthzEnable, authzExpire, authzEnable, clientExpire, clientEnable, clientRefreshExpire, clientRefreshEnable, userExpire, userEnable, userRefreshExpire, userRefreshEnable, accessExpire, accessEnable, accessRefreshExpire, accessRefreshEnable, paramList, mobParamList, userAuthenticator, tokenStatic, tokenDynamic)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth service profile.
`description`	A description of the OAuth service profile. [Optional]
`adAccessPlugin`	Adaptive Access Plug-in. [Optional]
`tokenAttrPlugin`	Token Attribute Plugin. [Optional]
`clientPlugin`	The name of the client plug-in.
`pluginMode`	Client plug-in mode. Either ALL_LOCAL_STORAGE or ALL_PLUGIN_DELEGATION.
`resourceServerProfilePlugin`	Resource server profile plug-in.
`authzUserConsentPlugin`	Authorization user consent plug-in.
`allResourceServerInterfaces`	Boolean that specifies whether the service profile can contain generic (false) interfaces.
`resourceServers`	List of resource servers.
`allClients`	Boolean that specifies is the service profile applies to all clients.
`clientAppBindings`	[Optional] List of client application bindings specified in JSON format: `[{client:client1,role:SSOAgent,priority:45,param:[{param1:value},{param2:value2}]}]`
`preferredHardwareIdList`	List of Hardware IDs separated by commas.
`androidSender`	GCM sender ID. [Optional]
`androidSecurityLevel`	Android security level: HIGH or MEDIUM or LOW.
`iosSecurityLevel`	iOS security level: HIGH or MEDIUM or LOW.
`otherSecurityLevel`	Other security level: HIGH or MEDIUM or LOW.
`consentServiceProtection`	Service Protection Mode: OAM or JWT_IDS or JWT_OAM.
`clientRegRequiresUserConsent`	Boolean that specifies if client registration requires user consent.
`serviceProvider`	Service provider.
`endpoint`	Service endpoint.
`serviceEnable`	Boolean that enables or disables the service profile. Either true or false.
`mobilePreAuthzExpire`	Mobile pre-authorization code expiration length (in seconds). [Optional]
`mobilePreAuthzEnable`	Boolean that enables or disables the mobile pre-authorization code. [Optional] Either true or false.
`authzExpire`	Authorization code expiration (in seconds). [Optional]
`authzEnable`	Boolean that enables or disables the authorization code. [Optional] Either true or false.
`clientExpire`	Client token authorization code expiration (in seconds). [Optional]
`clientEnable`	Boolean that enables or disables the client token. [Optional] Either true or false.
`clientRefreshExpire`	Client refresh token expiration (in seconds). [Optional]
`clientRefreshEnable`	Boolean that enables or disables the client refresh token. [Optional]
`userExpire`	User token expiration (in seconds). [Optional]
`userEnable`	Boolean that enables or disables the user token. [Optional]
`userRefreshExpire`	User refresh token expiration (in seconds). [Optional]
`userRefreshEnable`	Boolean that enables or disables the user refresh token. [Optional]
`accessExpire`	Access token expiration (in seconds).
`accessEnable`	Boolean access token enable.
`accessRefreshExpire`	Access refresh token expiration (in seconds).
`accessRefreshEnable`	Boolean access refresh Token enable.
`paramList`	A list of parameters specified in JSON format: `[{name1:value1},{name2:value2}...]`
`mobParamList`	A list of mobile client parameters specified in JSON format: `[{name1:value1},{name2:value2}...]`
`userAuthenticator`	User Authenticator. Either IDS or OAM.
`tokenStatic`	[Optional] Static token attribute specified in JSON format: `[{name1:value1},{name2:value2}...]`
`tokenDynamic`	Dynamic token attribute list. [Optional]

Example

updateOAuthServiceProfile('myDomain', 'OAuthServiceProfile', 'OAuth Service Profile','sampleSecurityPlugin','defaultTokenAttrPlugin','DefaultClientSecurityManager','ALL_LOCAL_STORAGE','DefaultResourceServerProfilePlugin','AuthzUserConsentPlugin','false','sampleResourceServerInterface','false','[{client:sampleOAuthClient,role:SSOAgent,priority:45,param:[{param1:val1},{param2:val2}]},{client:sampleOwsmOAuthClient,role:SSOAgent,priority:45,param:[{param1:val1},{param2:val2}]}]','oracle:idm:claims:client:iosidforvendor,oracle:idm:claims:client:macaddress,oracle:idm:claims:client:imei','GoogleCloudMessaging','HIGH','MEDIUM','LOW','OAM','true','OAuthServiceProvider','/oauthserv','true','150','false','900','true','28800','true','604800','true','28800','true','0','false','3600','true','28800','true','[{oracle.id.name:userrole},{jwt.CryptoScheme:RS512},{jwt.issuer:www.oracle.example.com}]','[{mobileParamName:mobileParamValue}]','OAM','[{attr1:val1}]','attr1,attr2,attr3')

updateOAuthServiceProfileParam

updateOAuthServiceProfileParam

Description

Updates a specific parameter with the specified new value.

Syntax

updateOAuthServiceProfileParam(domainName, name, parameter, newvalue)

Argument	Definition
`domainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth service profile.
`param`eter	The parameter to update: name \| description \| adAccessPlugin \| msmPlugin \| tokenAttrPlugin \| clientPlugin \| pluginMode \| resourceServerProfilePlugin \| authzUserConsentPlugin \| allResourceServerInterfaces \| resourceServers \| allClients \| clientAppBindings \| androidSender \| androidSecurityLevel \| iosSecurityLevel \| otherSecurityLevel \| consentServiceProtection \| clientRegRequiresUserConsent \| serviceProvider \| endpoint \| serviceEnable \| mobilePreAuthzExpire \| mobilePreAuthzEnable \| authzExpire \| authzEnable \| clientExpire \| clientEnable \| clientRefreshExpire \| clientRefreshEnable \| userExpire \| userEnable \| userRefreshExpire \| userRefreshEnable \| accessExpire \| accessEnable \| accessRefreshExpire \| accessRefreshEnable \| paramList \| paramListAdd \| mobParamList \| userAuthenticator \| tokenStatic \| tokenDynamic \| preferredHardwareIdList \| preferredHardwareIdListAdd
`newvalue`	New value for the specified parameter.

Example

updateOAuthServiceProfileParam('myDomain', 'OAuthServiceProfile',
'description','My new Description')

removeOAuthAdaptiveAccessPlugin

removeOAuthAdaptiveAccessPlugin

Description

Removes the specified OAuth Adaptive Access plug-in.

Syntax

removeOAuthAdaptiveAccessPlugin(identityDomainName,name)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth system component.

Example

removeOAuthAdaptiveAccessPlugin('myDomain','myComponent')

createOAuthAdaptiveAccessPlugin

createOAuthAdaptiveAccessPlugin

Description

Creates the specified OAuth Adaptive Access plug-in.

Syntax

createOAuthAdaptiveAccessPlugin(identityDomainName, name, description, implClass, paramList)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth plug-in.
`description`	A description of the OAuth plug-in. [Optional]
`implClass`	The implement class of the OAuth plug-in.
`paramList`	A list of parameters specified in JSON format: `[{name1:value1},{name2:value2}...]`

Example

createOAuthAdaptiveAccessPlugin('myDomain','sampleSecurityPlugin','sample adaptive access plugin', 'oracle.security.idaas.rest.provider.plugin.impl.DebugMobileSecurityHandlerImpl','[{OAUTH_TEST:true},{EMU_DEVICE_REG:true},{EMU_HANDLE:false}]')

updateOAuthAdaptiveAccessPlugin

updateOAuthAdaptiveAccessPlugin

Description

Updates the specified OAuth Adaptive Access plug-in.

Syntax

updateOAuthAdaptiveAccessPlugin(identityDomainName, name, description, implClass, paramList)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth plug-in.
`description`	A description of the OAuth plug-in. [Optional]
`implClass`	The implement class of the OAuth plug-in.
`paramList`	A list of parameters specified in JSON format: `[{name1:value1},{name2:value2}...]`

Example

updateOAuthAdaptiveAccessPlugin('myDomain','sampleSecurityPlugin','sample adaptive access plugin','oracle.security.idaas.rest.provider.plugin.impl.DebugMobileSecurityHandlerImpl','[{OAUTH_TEST:true},{EMU_DEVICE_REG:true},{EMU_HANDLE:false}]')

removeOAuthTokenAttributesPlugin

removeOAuthTokenAttributesPlugin

Description

Removes the specified OAuth Token Attributes plug-in.

Syntax

removeOAuthTokenAttributesPlugin(identityDomainName,name)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth system component.

Example

removeOAuthTokenAttributesPlugin('myDomain','myComponent')

createOAuthTokenAttributesPlugin

createOAuthTokenAttributesPlugin

Description

Creates the specified OAuth Token Attributes plug-in.

Syntax

createOAuthTokenAttributesPlugin(identityDomainName, name, description,implClass, paramList)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth plug-in.
`description`	A description of the OAuth plug-in. [Optional]
`implClass`	The implement class of the OAuth plug-in.
`paramList`	A list of parameters specified in JSON format: `[{name1:value1},{name2:value2}...]`

Example

createOAuthTokenAttributesPlugin('myDomain','testTokenAttributesPlugin','test token attributes plugin','oracle.security.idaas.rest.provider.plugin.impl.DebugTokenAttributesHandlerImpl','[{paramName:paramValue}]')

updateOAuthTokenAttributesPlugin

updateOAuthTokenAttributesPlugin

Description

Updates the specified OAuth Token Attributes plug-in.

Syntax

updateOAuthTokenAttributesPlugin(identityDomainName, name, description, implClass, paramList)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth plug-in.
`description`	A description of the OAuth plug-in. [Optional]
`implClass`	The implement class of the OAuth plug-in.
`paramList`	A list of parameters specified in JSON format: `[{name1:value1},{name2:value2}...]`

Example

updateOAuthTokenAttributesPlugin('myDomain','testTokenAttributesPlugin','test token attributes plugin', 'oracle.security.idaas.rest.provider.plugin.impl.DebugTokenAttributesHandlerImpl','[{paramName:paramValue}]')

removeOAuthResourceServerInterface

removeOAuthResourceServerInterface

Description

Removes an OAuth resource server interface.

Syntax

removeOAuthResourceServerInterface(identityDomainName, name )

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth resource server interface.

Example

removeOAuthResourceServerInterface('myDomain','myComponent')

updateOAuthResourceServerInterface

updateOAuthResourceServerInterface

Description

Updates an OAuth resource server interface.

Syntax

updateOAuthResourceServerInterface(identityDomainName, name, description, secret, allowTokenAttrRetrieval, namespacePrefix, audienceClaim, scopeList, offlineScope, authzUserConsentPluginRef, overriddenAuthzExpire, overriddenAuthzEnable, overriddenAccessExpire, overriddenAccessEnable, overriddenAccessRefreshExpire, overriddenAccessRefreshEnable, tokenStatic, tokenDynamic)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth resource server interface.
`description`	A description of the OAuth resource server interface.
`secret`	The secret key.
`allowTokenAttrRetrieval`	Boolean that enables/disables token attribute retrieval.
`namespacePrefix`	A namespace prefix. [Optional]
`audienceClaim`	Audience claim URI. [Optional]
`scopeList`	A list of parameters specified in JSON format: `[{scopeName:myName,includedInDefault:true,userOffline:true,requiresConsent:true,scopeDesc:[{en-us:value},{en:value2}]}]`
`offlineScope`	Offline scope. [Optional]
`authzUserConsentPluginRef`	Authorization UserConsent plug-in reference.
`overriddenAuthzExpire`	Overridden authorization code expiration (in seconds).
`overriddenAuthzEnable`	Boolean that enables/disables the authorization override option.
`overriddenAccessExpire`	Overridden access token expiration (in seconds).
`overriddenAccessEnable`	Boolean that enables/disables the access token override option.
`overriddenAccessRefreshExpire`	Overridden access refresh token expiration (in seconds).
`overriddenAccessRefreshEnable`	Boolean that enables/disables the access refresh override option.
`tokenStatic`	A list of static token attributes specified in JSON format: `[{name1:value1},{name2:value2}...]`
`tokenDynamic`	Dynamic token attribute list.

Example

updateOAuthResourceServerInterface('myDomain','sampleResourceServerInterface','sample portal content resource server','secret','true','namespaceprefix.','audienceClaim','[{scopeName:samplePortalContentServer.portal.read,includedInDefault:false,userOffline:false,requiresConsent:true,scopeDesc:[{en-us:read portal content}]},{scopeName:samplePortalContentServer.portal.write,includedInDefault:false,userOffline:false,requiresConsent:true,scopeDesc:[{en-us:write portal content}]}]','offlineScope','AuthzUserConsentPlugin','1200','false','7200','false','28801','false','[]','')

updateOAuthResourceServerInterfaceParam

updateOAuthResourceServerInterfaceParam

Description

Updates a specific parameter with the specified new value.

Syntax

updateOAuthResourceServerInterfaceParam(identityDomainName, name, param, newvalue)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth resource server interface.
`param`	The parameter to update: [`name, description, secret, allowTokenAttrRetrieval, namespacePrefix, audienceClaim, scopeList, offlineScope, authzUserConsentPluginRef`].
`newvalue`	New value for the parameter.

Example

updateOAuthResourceServerInterfaceParam('myDomain',
'sampleResourceServerInterface','namespacePrefix','xyz.')

createOAuthResourceServerInterface

createOAuthResourceServerInterface

Description

Creates an OAuth resource server interface.

Syntax

createOAuthResourceServerInterface(identityDomainName, name, description, globalUID, secret, allowTokenAttrRetrieval, namespacePrefix, audienceClaim, scopeList, offlineScope, authzUserConsentPluginRef, overriddenAuthzExpire, overriddenAuthzEnable, overriddenAccessExpire, overriddenAccessEnable, overriddenAccessRefreshExpire, overriddenAccessRefreshEnable, tokenStatic, tokenDynamic)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth resource server interface.
`description`	A description of the OAuth resource server interface.
`globalUID`	Global unique identifier. [Optional]
`secret`	The secret key.
`allowTokenAttrRetrieval`	Boolean that enables/disables token attribute retrieval.
`namespacePrefix`	A namespace prefix. [Optional]
`audienceClaim`	Audience claim URI. [Optional]
`scopeList`	A list of parameters specified in JSON format: `[{scopeName:myName,includedInDefault:true,userOffline:true,requiresConsent:true,scopeDesc:[{en-us:value},{en:value2}]}]`
`offlineScope`	Offline scope. [Optional]
`authzUserConsentPluginRef`	Authorization UserConsent plug-in reference.
`overriddenAuthzExpire`	Overridden authorization code expiration (in seconds).
`overriddenAuthzEnable`	Boolean that enables/disables the authorization override option.
`overriddenAccessExpire`	Overridden access token expiration (in seconds).
`overriddenAccessEnable`	Boolean that enables/disables the access token override option.
`overriddenAccessRefreshExpire`	Overridden access refresh token expiration (in seconds).
`overriddenAccessRefreshEnable`	Boolean that enables/disables the access refresh override option.
`tokenStatic`	A list of static token attributes specified in JSON format: `[{name1:value1},{name2:value2}...]`
`tokenDynamic`	Dynamic token attribute list.

Example

createOAuthResourceServerInterface('myDomain','sampleResourceServerInterface',
'sample portal content resource server','','secret','true','namespaceprefix.',
'audienceClaim','[{scopeName:samplePortalContentServer.portal.read,
includedInDefault:false,userOffline:false,requiresConsent:true,
scopeDesc:[{en-us:read portal content}]},
{scopeName:samplePortalContentServer.portal.write,
includedInDefault:false,userOffline:false,requiresConsent:true,
scopeDesc:[{en-us:write portal content}]}]',
'offlineScope','AuthzUserConsentPlugin','1200','false','7200','false','28801',
'false','[]','')

removeOAuthUserProfileResourceServer

removeOAuthUserProfileResourceServer

Description

Removes an OAuth User Profile resource server interface.

Syntax

removeOAuthUserProfileResourceServer(identityDomainName, name)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth user profile resource server interface.

Example

removeOAuthUserProfileResourceServer('myDomain','myComponent')

updateOAuthUserProfileResourceServer

updateOAuthUserProfileResourceServer

Description

Updates an OAuth User Profile resource server interface.

Syntax

updateOAuthUserProfileResourceServer(identityDomainName, resName, resDesc, secret, namespacePrefix, authzPluginRef, scopeList, offlineScope, authzExpire, authzEnable, accessExpire, accessEnable, accessRefreshExpire, accessRefreshEnable, tokenStatic, tokenDynamic, endpoint, enabled, subResource, paramList)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`resName`	The name of the OAuth resource server interface.
`resDesc`	A description of the OAuth resource server interface.
`secret`	The secret key.
`namespacePrefix`	A namespace prefix.
`authzPluginRef`	Authorization plug-in reference.
`scopeList`	A list of parameters specified in JSON format: `[{scopeName:myName,includedInDefault:true,userOffline:true,requiresConsent:true,scopeDesc:[{en-us:value},{en:value2}]}]`
`offlineScope`	Offline scope. [Optional]
`authzExpire`	Authorization code expiration (in seconds)
`authzEnable`	Boolean that enables/disables the authorization code option.
`accessExpire`	Access token expiration (in seconds).
`accessEnable`	Boolean that enables/disables the access token option.
`accessRefreshExpire`	Access refresh token expiration (in seconds).
`accessRefreshEnable`	Boolean that enables/disables the access refresh option.
`tokenStatic`	A list of static token attributes specified in JSON format: `[{name1:value1},{name2:value2}...]`
`tokenDynamic`	Dynamic token attribute list.
`endpoint`	Service endpoint.
`enabled`	Boolean to enable/disable.
`subResource`	Specified in JSON format: `[{endpoint:"/sub",enabled:true,implClass:com.oracle.impl,` `entities:[{attributes:"at1,at2",` `relationship:[{` `name:people_groups,endpoint:memberOf,` `srcEntity:person-uri,destEntity:group-uri}]}],` `binding:[{method:GET,allow:true,scope:myscope,addScope:[{name:newscope,attr:"var1,var2"}],` `param:[{param1:val1}]}]}]`
`paramList`	A list of parameters specified in JSON format: `[{name1:value1},{name2:value2}...]`

Example

 updateOAuthUserProfileResourceServer('myDomain','userProfile',
'Out Of The Box User Profile Resource Server','welcome1',
'[{scopeName:userProfile.users.read,includedInDefault:false,userOffline:false,
requiresConsent:false,scopeDesc:[{en-us:read any user default profile}]},
{scopeName:userProfile.users.write,includedInDefault:false,userOffline:false,
requiresConsent:false,scopeDesc:[{en-us:write any user default profile}]},
{scopeName:userProfile.group.read,includedInDefault:false,userOffline:false,
requiresConsent:false,scopeDesc:[{en-us:read any group default profile}]},
{scopeName:userProfile.group.write,includedInDefault:false,userOffline:false,
requiresConsent:false,scopeDesc:[{en-us:write any group default profile}]},
{scopeName:userProfile.me.read,includedInDefault:false,userOffline:false,
requiresConsent:true,scopeDesc:[{en-us:read my default profile}]},
{scopeName:userProfile.me.write,includedInDefault:false,userOffline:false,
requiresConsent:true,scopeDesc:[{en-us:write my default profile}]},
{scopeName:userProfile.me.password,includedInDefault:false,userOffline:false,
requiresConsent:true,scopeDesc:[{en-us:write my default password}]}]',
'namespace','userrole','defaultPlugin','900','true','604800','true','28800',
'true','/myuserprofile','false','[{accessControl:false},
{adminGroup:"cn=Administrators,ou=groups,ou=myrealm,dc=base_domain"},
{selfEdit:true}]','[{endpoint:"/me",
enabled:true,implClass:oracle.security.idaas.oauth.jaxrs.Me,
entities:[{attributes:"",relationship:[{name:people_groups,
endpoint:memberOf,srcEntity:person-uri,destEntity:group-uri,scopeNames:""},
{name:people_manager,endpoint:manager,srcEntity:report-uri,
destEntity:manager-uri,scopeNames:""}]}],binding:[{method:"GET",
allow:true,scope:myscope,addScope:[{name:userProfile.me.read,attr:"uid,mail,
description,commonname,firstname,lastname"},{name:userProfile.me.password,
attr:password}]},{method:"POST,PUT,DELETE",allow:true,scope:myscope,
addScope:[{name:userProfile.me.write,attr:"uid,mail,description,commonname,
firstname,lastname"},{name:userProfile.me.password,attr:password}]}],param:[]},
{endpoint:"/users",enabled:true,implClass:oracle.
security.idaas.oauth.jaxrs.Users,entities:[{attributes:"",
relationship:[{name:people_groups,endpoint:memberOf,srcEntity:person-uri,
destEntity:group-uri,scopeNames:""},{name:people_manager,endpoint:manager,
srcEntity:report-uri,destEntity:manager-uri,scopeNames:""}]}],
binding:[{method:"GET",allow:true,scope:myscope,
addScope:[{name:userProfile.users.read,attr:"uid,mail,description,commonname,
firstname,lastname"}]},{method:"POST,PUT,DELETE",allow:true,scope:myscope,
addScope:[{name:userProfile.users.write,attr:"uid,mail,description,commonname,
firstname,lastname"}]}],param:[]},{endpoint:"/groups",enabled:true,
implClass:oracle.security.idaas.oauth.jaxrs.Groups,entities:[{attributes:"",
relationship:[{name:groups_people,endpoint:memberOf,srcEntity:group-uri,
destEntity:person-uri,scopeNames:""}]}],binding:[{method:"GET",allow:true,
scope:myscope,addScope:[{name:userProfile.group.read,attr:"name,description"}]},
{method:"POST,PUT,DELETE",allow:true,scope:myscope,
addScope:[{name:userProfile.group . write,attr:"name,description"}]}],
param:[]}]','[{param1:val1},{param2:val2}]','attr1,attr2')

updateOAuthResourceServerInterfaceParam

updateOAuthResourceServerInterfaceParam

Description

Updates an OAuth resource server interface and allows individual attributes to be modified.

Syntax

updateOAuthResourceServerInterfaceParam(domainName, name, parameter, newvalue)

Argument	Definition
`domainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth resource server interface.
`parameter`	The parameter to update: `name \| description \| allowTokenAttrRetrieval \| secret \| namespacePrefix`
`newvalue`	The new value for the specified parameter.

Example

updateOAuthResourceServerInterfaceParam('myDomain','Resource','description','My new Description')

createOAuthUserProfileResourceServer

createOAuthUserProfileResourceServer

Description

Creates an OAuth User Profile resource server interface.

Syntax

createOAuthUserProfileResourceServer(identityDomainName, resName, resDesc, globalUID, secret, scopeList, namespacePrefix, idsName, authzPluginRef, authzExpire, authzEnable, accessExpire, accessEnable, accessRefreshExpire, accessRefreshEnable, endpoint, enabled, paramList, subResourceList, tokenStatic, tokenDynamic)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`resName`	The name of the OAuth resource server interface.
`resDesc`	A description of the OAuth resource server interface.
`globalUID`	Global unique identifier. (Optional)
`secret`	The secret key.
`scopeList`	A list of parameters specified in JSON format: `[{scopeName:myName,includedInDefault:true,userOffline:true,requiresConsent:true,scopeDesc:` `[{en-us:value},{en:value2}]}]`
`namespacePrefix`	A namespace prefix.
`idsName`	The identity directory service name.
`authzPluginRef`	Authorization plug-in reference.
`authzExpire`	Authorization code expiration (in seconds)
`authzEnable`	Boolean that enables/disables the authorization code option.
`accessExpire`	Access token expiration (in seconds).
`accessEnable`	Boolean that enables/disables the access token option.
`accessRefreshExpire`	Access refresh token expiration (in seconds).
`accessRefreshEnable`	Boolean that enables/disables the access refresh option.
`endpoint`	Service endpoint.
`enabled`	Boolean to enable/disable.
`paramList`	A list of parameters specified in JSON format: `[{name1:value1},{name2:value2}...]`
`subResource`	Specified in JSON format: `[{endpoint:"/sub",enabled:true,implClass:com.oracle.impl,` `entities:[{attributes:"at1,at2",` `relationship:[{` `name:people_groups,endpoint:memberOf,` `srcEntity:person-uri,destEntity:group-uri}]}],` `binding:[{method:GET,allow:true,scope:myscope,addScope:[{name:newscope,attr:"var1,var2"}],` `param:[{param1:val1}]}]}]`
`tokenStatic`	A list of static token attributes specified in JSON format: `[{name1:value1},{name2:value2}...]`
`tokenDynamic`	Dynamic token attribute list.

Example

createOAuthUserProfileResourceServer('myDomain','userProfile',
'Out Of The Box User Profile Resource Server','555888','welcome1',
'[{scopeName:userProfile.users.read,includedInDefault:false,userOffline:false,
requiresConsent:false,scopeDesc:[{en-us:read any user default profile}]},
{scopeName:userProfile.users.write,includedInDefault:false,userOffline:false,
requiresConsent:false,scopeDesc:[{en-us:write any user default profile}]},
{scopeName:userProfile.group.read,includedInDefault:false,userOffline:false,
requiresConsent:false,scopeDesc:[{en-us:read any group default profile}]},
{scopeName:userProfile.group.write,includedInDefault:false,userOffline:false,
requiresConsent:false,scopeDesc:[{en-us:write any group default profile}]},
{scopeName:userProfile.me.read,includedInDefault:false,userOffline:false,
requiresConsent:true,scopeDesc:[{en-us:read my default profile}]},
{scopeName:userProfile.me.write,includedInDefault:false,userOffline:false,
requiresConsent:true,scopeDesc:[{en-us:write my default profile}]},
{scopeName:userProfile.me.password,includedInDefault:false,userOffline:false,
requiresConsent:true,scopeDesc:[{en-us:write my default password}]}]',
'namespace','userrole','defaultPlugin','900','true','604800','true','28800',
'true','/myuserprofile','false','[{accessControl:false},
{adminGroup:"cn=Administrators,ou=groups,ou=myrealm,dc=base_domain"},
{selfEdit:true}]','[{endpoint:"/me",enabled:true,
implClass:oracle.security.idaas.oauth.jaxrs.Me,entities:[{attributes:"",
relationship:[{name:people_groups,endpoint:memberOf,srcEntity:person-uri,
destEntity:group-uri,scopeNames:""},{name:people_manager,endpoint:manager,
srcEntity:report-uri,destEntity:manager-uri,scopeNames:""}]}],
binding:[{method:"GET",allow:true,scope:myscope,
addScope:[{name:userProfile.me.read,attr:"uid,mail,description,commonname,
firstname,lastname"},{name:userProfile.me.password,attr:password}]},
{method:"POST,PUT,DELETE",allow:true,scope:myscope,
addScope:[{name:userProfile.me.write,attr:"uid,mail,description,commonname,
firstname,lastname"},{name:userProfile.me.password,attr:password}]}],param:[]},
{endpoint:"/users",enabled:true,
implClass:oracle.security.idaas.oauth.jaxrs.Users,entities:[{attributes:"",
relationship:[{name:people_groups,endpoint:memberOf,srcEntity:person-uri,
destEntity:group-uri,scopeNames:""},{name:people_manager,endpoint:manager,
srcEntity:report-uri,destEntity:manager-uri,scopeNames:""}]}],
binding:[{method:"GET",allow:true,scope:myscope,
addScope:[{name:userProfile.users.read,attr:"uid,mail,description,commonname,
firstname,lastname"}]},{method:"POST,PUT,DELETE",allow:true,scope:myscope,
addScope:[{name:userProfile.users.write,attr:"uid,mail,description,commonname,
firstname,lastname"}]}],param:[]},{endpoint:"/groups",enabled:true,
implClass:oracle.security.idaas.oauth.jaxrs.Groups,
entities:[{attributes:"",relationship:[{name:groups_people,endpoint:memberOf,
srcEntity:group-uri,destEntity:person-uri,scopeNames:""}]}],
binding:[{method:"GET",allow:true,scope:myscope,
addScope:[{name:userProfile.group.read,attr:"name,description"}]},
{method:"POST,PUT,DELETE",allow:true,scope:myscope,
addScope:[{name:userProfile.group.write,attr: "name,description"}]}],
param:[]}]','[{param1:val1},{param2:val2}]','attr1,attr2')

removeOAuthMSMPlugin

removeOAuthMSMPlugin

Description

Removes the specified OAuth MSM Plug-in.

Syntax

removeOAuthMSMPlugin(identityDomainName, name )

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth system component.

Example

removeOAuthMSMPlugin('myDomain','myComponent')

createOAuthMSMPlugin

createOAuthMSMPlugin

Description

Creates the specified OAuth MSM Plug-in.

Syntax

createOAuthMSMPlugin(identityDomainName, name, description, implClass, paramList)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth plug-in.
`description`	Description of the OAuth plug-in.
`implClass`	Implement class of the OAuth Plug-in.
`paramList`	List of parameters specified in JSON format: `[{name1:value1},{name2:value2}...]`

Example

createOAuthMSMPlugin('myDomain','sampleSecurityPlugin','sample msm plugin','oracle.security.idaas.rest.provider.plugin.impl.DebugMobileSecurityHandlerImpl','[{OAUTH_TEST:true},{EMU_DEVICE_REG:true},{EMU_HANDLE:false}]')

updateOAuthMSMPlugin

updateOAuthMSMPlugin

Description

Updates the specified OAuth MSM Plug-in.

Syntax

updateOAuthMSMPlugin(identityDomainName, name, description, implClass, paramList)

Argument	Definition
`identityDomainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth plug-in.
`description`	Description of the OAuth plug-in.
`implClass`	Implement class of the OAuth Plug-in.
`paramList`	List of parameters specified in JSON format: `[{name1:value1},{name2:value2}...]`

Example

updateOAuthMSMPlugin('myDomain','sampleSecurityPlugin','sample msm plugin','oracle.security.idaas.rest.provider.plugin.impl.DebugMobileSecurityHandlerImpl','[{OAUTH_TEST:true},{EMU_DEVICE_REG:true},{EMU_HANDLE:false}]')

updateOAuthMSMPluginParam

updateOAuthMSMPluginParam

Description

Updates an OAuth MSM Plug-in.

Syntax

updateOAuthMSMPluginParam(domainName, name, parameter, newvalue)

Argument	Definition
`domainName`	The name of the OAuth identity domain.
`name`	The name of the OAuth plug-in.
`parameter`	Parameter to update: `name \| description \| implClass \| paramList \| paramListAdd \| paramListUpdate \| paramListRemove`
`newvalue`	New value for the specified parameter.

Example

updateOAuthMSMPluginParam('myDomain','defaultMSMPlugin','description','My new Description')

getOAuthIdentityDomains

getOAuthIdentityDomains

Description

Gets all the existing OAuth identity domains.

Syntax

getOAuthIdentityDomains()

Example

getOAuthIdentityDomains()

displayOAuthIdentityDomain

displayOAuthIdentityDomain

Description

Display the specified OAuth identity domain.

Syntax

displayOAuthIdentityDomain(uuid)

Argument	Definition
`uuid`	The universally unique identifier for the identity domain.

Example

displayOAuthIdentityDomain('12345678-1234-1234-1234-123456789012')

displayOAuthSystemConfig

displayOAuthSystemConfig

Description

Display the specified OAuth system configuration.

Syntax

displayOAuthSystemConfig(uuid)

Argument	Definition
`uuid`	The universally unique identifier for the identity domain.

Example

displayOAuthSystemConfig('12345678-1234-1234-1234-123456789012')

getOAuthSysComponents

getOAuthSysComponents

Description

Gets all the existing OAuth system components.

Syntax

getOAuthSysComponents(uuid)

Argument	Definition
`uuid`	The universally unique identifier for the identity domain.

Example

getOAuthSysComponents('12345678-1234-1234-1234-123456789012')

displayOAuthSysComponent

displayOAuthSysComponent

Description

Display the specified OAuth system component.

Syntax

displayOAuthSysComponent(uuid,name)

Argument	Definition
`uuid`	The universally unique identifier for the identity domain.
`name`	The name of the specific system component.

Example

displayOAuthSysComponent('12345678-1234-1234-1234-123456789012','DefaultTokenLifeCycleService')

getOAuthServiceProviders

getOAuthServiceProviders

Description

Gets all the existing OAuth service providers.

Syntax

getOAuthServiceProviders(uuid)

Argument	Definition
`uuid`	The universally unique identifier for the identity domain.

Example

getOAuthServiceProviders('12345678-1234-1234-1234-123456789012')

displayOAuthServiceProvider

displayOAuthServiceProvider

Description

Display the specified OAuth service provider.

Syntax

displayOAuthServiceProvider(uuid,name)

Argument	Definition
`uuid`	The universally unique identifier for the identity domain.
`name`	The name of the specific service provider.

Example

displayOAuthServiceProvider('12345678-1234-1234-1234-123456789012','OAuthServiceProvider')

getOAuthClients

getOAuthClients

Description

Gets all the existing OAuth Clients.

Syntax

getOAuthClients(uuid)

Argument	Definition
`uuid`	The universally unique identifier for the identity domain.

Example

getOAuthClients('12345678-1234-1234-1234-123456789012')

displayOAuthClient

displayOAuthClient

Description

Display the specified OAuth client.

Syntax

displayOAuthClient(uuid,name)

Argument	Definition
`uuid`	The universally unique identifier for the identity domain.
`name`	The name of the specific client.

Example

displayOAuthClient('12345678-1234-1234-1234-123456789012','sampleOAuthClient')

getOAuthAdaptiveAccessPlugins

getOAuthAdaptiveAccessPlugins

Description

Gets all the existing OAuth Adaptive Access plug-ins.

Syntax

getOAuthAdaptiveAccessPlugins(uuid)

Argument	Definition
`uuid`	The universally unique identifier for the identity domain.

Example

getOAuthAdaptiveAccessPlugins('12345678-1234-1234-1234-123456789012')

displayOAuthAdaptiveAccessPlugin

displayOAuthAdaptiveAccessPlugin

Description

Display the specified OAuth adaptive access plug-in.

Syntax

displayOAuthAdaptiveAccessPlugin(uuid,name)

Argument	Definition
`uuid`	The universally unique identifier for the identity domain.
`name`	The name of the specific adaptive access plug-in.

Example

displayOAuthAdaptiveAccessPlugin('12345678-1234-1234-1234-123456789012','sampleOAuthClient')

getOAuthAuthzPlugin

getOAuthAuthzPlugin

Description

Gets all the existing OAuth authorization plug-ins..

Syntax

getOAuthAuthzPlugin(uuid)

Argument	Definition
`uuid`	The universally unique identifier for the identity domain.

Example

getOAuthAuthzPlugin('12345678-1234-1234-1234-123456789012')

displayOAuthAuthzPlugin

displayOAuthAuthzPlugin

Description

Display the specified OAuth authorization plug-in.

Syntax

displayOAuthAuthzPlugin(uuid,name)

Argument	Definition
`uuid`	The universally unique identifier for the identity domain.
`name`	The name of the specific authorization plug-in.

Example

displayOAuthAuthzPlugin('12345678-1234-1234-1234-123456789012','sampleOAuthClient')

getOAuthTokenAttributesPlugins

getOAuthTokenAttributesPlugins

Description

Gets all the existing OAuth token attributes plug-ins.

Syntax

getOAuthTokenAttributesPlugins(uuid)

Argument	Definition
`uuid`	The universally unique identifier for the identity domain.

Example

getOAuthTokenAttributesPlugins('12345678-1234-1234-1234-123456789012')

displayOAuthTokenAttributesPlugin

displayOAuthTokenAttributesPlugin

Description

Display the specified OAuth token attributes plug-in.

Syntax

displayOAuthTokenAttributesPlugin(uuid,name)

Argument	Definition
`uuid`	The universally unique identifier for the identity domain.
`name`	The name of the specific token attributes plug-in.

Example

displayOAuthTokenAttributesPlugin('12345678-1234-1234-1234-123456789012','sampleOAuthClient')

getOAuthResourceServerInterfaces

getOAuthResourceServerInterfaces

Description

Gets all the existing OAuth resource server interfaces.

Syntax

getOAuthResourceServerInterfaces(uuid)

Argument	Definition
`uuid`	The universally unique identifier for the identity domain.

Example

getOAuthResourceServerInterfaces('12345678-1234-1234-1234-123456789012')

displayOAuthResourceServerInterface

displayOAuthResourceServerInterface

Description

Display the specified OAuth resource server interface.

Syntax

displayOAuthResourceServerInterface(uuid,name)

Argument	Definition
`uuid`	The universally unique identifier for the identity domain.
`name`	The name of the specific resource server interface.

Example

displayOAuthResourceServerInterface('12345678-1234-1234-1234-123456789012','sampleOAuthClient')

getOAuthUserProfileResourceServers

getOAuthUserProfileResourceServers

Description

Gets all the existing OAuth User Profile resource server plug-ins.

Syntax

getOAuthUserProfileResourceServers(uuid)

Argument	Definition
`uuid`	The universally unique identifier for the identity domain.

Example

getOAuthUserProfileResourceServers('12345678-1234-1234-1234-123456789012')

displayOAuthUserProfileResourceServer

displayOAuthUserProfileResourceServer

Description

Display the specified OAuth User Profile resource server plug-in.

Syntax

displayOAuthUserProfileResourceServer(uuid,name)

Argument	Definition
`uuid`	The universally unique identifier for the identity domain.
`name`	The name of the specific User Profile resource server plug-in.

Example

displayOAuthUserProfileResourceServer('12345678-1234-1234-1234-123456789012','UserProfile')

getOAuthServiceProfiles

getOAuthServiceProfiles

Description

Gets all the existing OAuth service profiles.

Syntax

getOAuthServiceProfiles(uuid)

Argument	Definition
`uuid`	The universally unique identifier for the identity domain.

Example

getOAuthServiceProfiles('12345678-1234-1234-1234-123456789012')

displayOAuthServiceProfile

displayOAuthServiceProfile

Description

Display the specified OAuth service profile.

Syntax

displayOAuthServiceProfile(uuid,name)

Argument	Definition
`uuid`	The universally unique identifier for the identity domain.
`name`	The name of the specific service profile.

Example

displayOAuthServiceProfile('12345678-1234-1234-1234-123456789012','OAuthServiceProfile')