Enable OAuth management

The OAuth service is not available in the basic installation. You must deploy it manually. A convenience script is provided in $VDISTDIR/samples/scripts/oauth for deploying the OAuth 2.0 services listener, supporting policies, and sample applications. VDISTDIR is the directory in which API Gateway is installed.

To deploy the OAuth service, change directory to $VDISTDIR/samples/scripts, and run the deployOAuthConfig.py script as follows:

UNIX/Linux

./run.sh oauth/deployOAuthConfig.py

Windows

run.bat oauth\deployOAuthConfig.py

This deploys the OAuth server components on port 8089 and the client demo on port 8088.

The parameters for the script are as follows:

| Option | Description |
| --- | --- |
| -h, --help | Display help for the script. |
| -u USERNAME, --username=USERNAME | The administrator user name to use to connect to the topology. This is the administrator user name you entered during API Gateway installation. |
| -p PASSWORD, --password=PASSWORD | The password for the administrator user to connect to the topology. This is the administrator password you entered during API Gateway installation. |
| --port=PORT | The port the Client Application Registry is listening on. The default is 8089. |
| --admin=ADMIN | The administrator user name for the Client Application Registry. The default is regadmin. |
| --adminpw=ADMINPW | The administrator password for the Client Application Registry. |
| --type=TYPE | The deployment type. The options are authzserver, clientdemo, and all. The default is all. |
| -g GROUP, --group=GROUP | The group name. |
| -n SERVICE, --service=SERVICE | The service name. |

The API Gateway provides the following endpoints used to manage OAuth 2.0 client applications:

| Description | URL |
| --- | --- |
| Authorization Endpoint (REST API) | https://HOST:8089/api/oauth/authorize |
| Token Endpoint (REST API) | https://HOST:8089/api/oauth/token |
| Token Info Endpoint (REST API) | https://HOST:8089/api/oauth/tokeninfo |
| Revoke Endpoint (REST API) | https://HOST:8089/api/oauth/revoke |
| Client Application Registry (HTML Interface) | https://HOST:8089 |
| Client Application Registry (REST API) | https://HOST:8089/api/kps/ClientApplicationRegistry |

In this table, HOST refers to the machine on which API Gateway is installed.

Note: To enable these endpoints, you must first enable the OAuth listener port in the API Gateway. For more details, see Enable OAuth endpoints.

Enable OAuth endpoints

To enable the OAuth management endpoints on your API Gateway, perform the following steps:

  1. In the Policy Studio tree, select Listeners > API Gateway > OAuth 2.0 Services > Ports.
  2. Right-click the OAuth 2.0 Interface in the panel on the right, and select Edit.
  3. Select Enable Interface in the dialog.
  4. Click the Deploy button in the toolbar.
  5. Enter a description and click Finish.

Note: On Linux-based systems, such as Oracle Enterprise Linux, you must open the firewall to allow external access to port 8089. If you need to change the port number, set the value of the env.PORT.OAUTH2.SERVICES environment variable. For details on setting external environment variables for API Gateway instances, see the API Gateway Deployment and Promotion Guide.
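A post-deployment check for the procedure above, as an added example that is not part of the product documentation: it builds the endpoint URLs from the table and reports whether the OAuth listener returns an HTTP response on each one. The function names, the GW_CA_FILE variable, and the host name gw.example.com used in the comments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify the OAuth 2.0 listener after enabling the interface.
# Assumptions: curl is installed; GW_CA_FILE (hypothetical variable) names the
# CA certificate that signed the gateway's TLS certificate, if it is private.

# Paths from the endpoint table; "/" is the registry HTML interface.
OAUTH_PATHS="/api/oauth/authorize /api/oauth/token /api/oauth/tokeninfo
/api/oauth/revoke /api/kps/ClientApplicationRegistry /"

# Print one URL per line. PORT defaults to 8089; pass the value of
# env.PORT.OAUTH2.SERVICES if the port was changed.
oauth_endpoints() {
    host=$1
    port=${2:-8089}
    for path in $OAUTH_PATHS; do
        printf 'https://%s:%s%s\n' "$host" "$port" "$path"
    done
}

# Interpret curl's %{http_code}: 000 means no HTTP response was received
# (interface not enabled, firewall closed, or TLS verification failed).
classify_status() {
    case "$1" in
        000) echo "no-response" ;;
        [1-5][0-9][0-9]) echo "listening" ;;
        *) echo "unknown" ;;
    esac
}

# Probe every endpoint; return non-zero if any of them did not answer.
check_oauth_listener() {
    failed=0
    for url in $(oauth_endpoints "$1" "$2"); do
        code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 5 \
            ${GW_CA_FILE:+--cacert "$GW_CA_FILE"} "$url") || true
        state=$(classify_status "$code")
        printf '%-62s %s %s\n' "$url" "$code" "$state"
        [ "$state" = "listening" ] || failed=1
    done
    return "$failed"
}

# Run only when a host is given, e.g.: sh check_oauth.sh gw.example.com 8089
[ "$#" -eq 0 ] || check_oauth_listener "$@"
```

A "listening" result only shows that the TLS handshake succeeded and the listener returned some HTTP status; it does not confirm that the OAuth policies behave as intended.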