A Few OAuth Notes

While I was working with a fellow developer building an integration for IBM Connections on premises, I found out about a couple of key items with the OAuth Provider.

1 – You can see a JSON Array of the Current User Tokens, when logged in as that user.

Navigate to https://sbdev.server:444/oauth2/authzMgmt/connectionsProvider

Login to IBM Connections

Look at the JSON Data to see the Granted Applications for the Logged in User

Apps
Apps

2 – You can see all the applications which are granted user oauth tokens – automatically authorized and manually authorized.

Navigate to https://sbtdev.server/common/oauth/apps?autoAuth=true

3 – OAuth Whitelists

Per
http://www-01.ibm.com/support/docview.wss?uid=swg21627911 , you can update your OAuth whitelists based on the client-id you set.

“As a measure to reduce hassle to users for trusted OAuth clients, IBM Connections implements an extension to the OAuth protocol that allows whitelisted clients to skip the authorization request when utilized from within the Connections user interface. In order to list an application as a trusted auto-authorization enabled client, an administrator must perform steps that are covered by the product documentation topic http://www-10.lotus.com/ldd/lcwiki.nsf/dx/Registering_an_OAuth_client_with_a_provider_ic40 .

Edit the connectionsProvider.xml in the Deployment Manager profile.

clients-oauth

Synchronize your nodes, and restart the server.

Volia… you have

Finally you can read more about OAuth at  http://www-01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/admin/t_admin_registeroauthclientwprovider.dita

Leave a Reply

Your email address will not be published. Required fields are marked *