Tutorial (OAuth Setup)
How do I perform the OAuth setup process in the platform?
The OAuth setup process involves a series of configuration tasks performed by different roles (Site Administrator, Business Administrator, API Provider, and App Developer) to achieve the end result of being able to authorize your app using an OAuth Provider. This quick start provides an end-to-end walkthrough to illustrate the overall process and roles performing each task. The walkthrough includes links to more detailed topics within the help.
Steps:
- Prerequisite: Install Resource Owner and OAuth Provider Features
- Step 1: Configure Resource Owner Domain
- Step 2: Configure OAuth Provider Domain
- Step 3: Configure API with OAuth Provider
- Step 4: Configure OAuth Security Credentials for App
- Step 5: Test OAuth Configuration
| Tasks | Performed By / Description |
|---|---|
| Install Resource Owner and OAuth Provider Features |
Site Administrator This task is performed using the Akana Administration Console. Each feature installs one or more domains to the More > Admin >Domains section in the platform, and the domains are available for selection via the Add Domain function. Note: This task is performed as part of the initial platform setup process. |
| Configure Resource Owner Domain |
Business Administrator / API Provider This task is performed in the More > Admin >Domains section using the Add Domain function. A Resource Owner domain is an identity store that defines OAuth Providers you would like to establish access permissions with. Selecting a Resource Owner is typically based on the most common method by which users will be accessing an API or application (Google®, Yahoo®, Facebook®, etc.). Note: Configuring one or more Resource Owner domains is a prerequisite to configuring an OAuth Provider domain. Configured Resource Owner domains automatically populate the OAuth Provider domain user interface and are required input when you configure the OAuth Provider domain. CA SiteMinder or LDAP Skip this step if you are you are using a Policy Manager CA SiteMinder or LDAP Identity System that you have integrated and configured to support Single Sign-On as the Identity System will already display on the list of available domains in the Resource Owner Authentication Domain drop-down list in the More > Admin > Domains > Add Domain > OAuth Provider Domain wizard (Grant Types tab). |
| Configure OAuth Provider Domain |
Business Administrator / API Provider This task is performed in the More > Admin >Domains section using the Add Domain function. The OAuth Provider domain option must first be populated with Resource Owner domains that represent the various OAuth Providers you would like to establish access permissions with. |
| Configure API with OAuth Provider |
API Provider This task is performed in the API > API Details section using the OAuth Details function. The Resource Owner and OAuth Provider domains must be pre-defined by the Business Administrator and available for selection in the API OAuth Wizard. |
| Configure OAuth Profile for App |
App Developer This task is performed in the App > App > OAuth Profile section. |
| Send Requests to App to test OAuth Configuration |
App Developer This task is performed using the Test Client tool: App > Test Client. Select the API, and any other values. Click Setup and verify the app credentials; then click Security, page through the wizard, and set up OAuth options as needed. Then click Invoke to send a request. You can also try out a specific API, with you app or on its own. Go to API > Test Client. |
Prerequisite: Install Resource Owner and OAuth Provider Features
Performed by: Site Administrator
Before you can configure authorization domains, you must install the Resource Owner and OAuth Provider domains via the Akana Administration Console. For installation information, refer to Installing the Akana API Platform. For a list of features and descriptions, see What domain types are supported? (Business Admin help).
Note: This task is performed as part of the initial platform setup process.
Step 1: Configure Resource Owner Domain
Performed by: Business Administrator / API Provider
The first step in the OAuth Provider configuration process is to identity the target user base that will require authorization when logging into an application. For example, if your users typically use Google as a method of performing an external login, the Business Admin will need to set up a Google Connector domain. If your users typically use SiteMinder as a method of performing an external login, they will require an LDAP identity store.
Note: The Google Connector domain is deprecated in version: 2020.1.0. Use the OpenID Connect Relying Party domain instead. See OpenID Connect Support.
CA SiteMinder or LDAP
Skip this step if you are you are using a Policy Manager CA SiteMinder or LDAP Identity System that you have integrated and configured to support Single Sign-On as the Identity System will already display on the list of available domains in the Resource Owner Authentication Domain drop-down list in the More > Admin > Domains > Add Domain > OAuth Provider Domain wizard (Grant Types tab).
To configure an LDAP Resource Owner Domain
- The LDAP Resource Owner Domain is preinstalled and is available for selection when you configure the OAuth Provider domain. Continue to Step 2.
Step 2: Configure OAuth Provider Domain
Performed by: Business Administrator / API Provider
After configuring your Resource Owner Domain, the second step is to configure an OAuth Provider domain.
To configure an OAuth Provider domain
- Follow the steps in How do I set up and configure an OAuth Provider domain? and then continue with Step 3.
Step 3: Configure API with OAuth Provider
Performed by: API Provider
After the Business Admin configures the Resource Owner and OAuth Provider domains, they are available on the APIs > My APIs > choose API > Details page. At the top right, click the arrow and choose OAuth Details.
To configure OAuth for your API
- Follow the steps in How do I configure OAuth Details for my API? and then continue with Step 4.
Step 4: Configure OAuth Security Credentials for App
Performed by: App Developer
To configure your app with OAuth
- Follow the instructions in How do I configure OAuth credentials? and then continue to Step 5.
Step 5: Test OAuth Configuration
Performed by: App Developer
