Tutorial (OAuth Setup)

How do I perform the OAuth setup process in the platform?

The OAuth setup process involves a series of configuration tasks performed by different roles (i.e. Site Administrator, API Provider, and App Developer) to achieve the end result of being able to authorize your app using an OAuth Provider. This quick start provides an end-to-end walkthrough to illustrate the overall process and roles performing each task. The walkthrough includes links to more detailed topics within the help.

Tasks Performed By / Description
Install Resource Owner and OAuth Provider Features Site Administrator

This task is performed using the SOA Software Administration Console. Each feature installs one or more domains to the Site Administration > Domains section in the platform, and the domains are available for selection via the Add Domain function.

Note: This task is performed as part of the initial platform setup process.
Configure Resource Owner Domain

Site Administrator / API Provider

This task is performed in the Site Administration > Domains section using the Add Domain function.

A Resource Owner domain is an identity store that defines OAuth Providers you would like to establish access permissions with. Selecting a Resource Owner is typically based on the most common method by which users will be accessing an API or application (Google®, Yahoo®, Facebook®, etc.).

Note: Configuring one or more Resource Owner domains is a prerequisite to configuring an OAuth Provider domain. Configured Resource Owner domains automatically populate the OAuth Provider domain user interface and are required input when you configure the OAuth Provider domain.

CA SiteMinder or LDAP

Skip this step if you are you are using a Policy Manager CA SiteMinder or LDAP Identity System that you have integrated and configured to support Single Sign-On as the Identity System will already display on the list of available domains in the Resource Owner Authentication Domain drop-down list in the Admin > Add Domain > OAuth Provider wizard (Grant Types tab).

Configure OAuth Provider Domain Site Administrator / API Provider

This task is performed in the Site Administration > Domains section using the Add Domain function.

The OAuth Provider domain option must first be populated with Resource Owner domains that represent the various OAuth Providers you would like to establish access permissions with.
Configure API with OAuth Provider API Provider

This task is performed in the API > API Details section using the OAuth Details function.

The Resource Owner and OAuth Provider domains must be pre-defined by the Site Administrator and available for selection in the API OAuth Wizard.

Configure OAuth Security Credentials for App App Developer

This task is performed in the App > App Details > Security Credentials section using the Show OAuth Details and Edit function.

Note: The type of security credentials required is based on the grant types supported by the OAuth Provider the API the app is connected to is using. Configuring OAuth for an app is only required if the API OAuth configuration is using the Authorization Code grant.

Send Requests to App to test OAuth Configuration App Developer

This task is performed using the test client: App > Dev Console. You select the API, and then click Run It to perform the authorization. After the app is authorized you then select Run It to send a request.

Prerequisite: Install Resource Owner and OAuth Provider Features

Performed by: Site Administrator

Before you can configure authorization domains, you must install the Resource Owner and OAuth Provider domains via the SOA Software Administration Console. Site Administrators can refer to the Community Manager Installation Guide (available on the Akana Support Site) for complete installation instructions. See What domain types are supported? for a list of features and descriptions.

Note: This task is performed as part of the initial platform setup process.

Step 1: Configure Resource Owner Domain

Performed by: Site Administrator / API Provider

The first step in the OAuth Provider configuration process is to identity the target user base that will require authorization when logging into an application. For example, if your users typically use Google as a method of performing an external login, the Site Admin will need to set up a Google Connector domain. If your users typically use SiteMinder as a method of performing an external login, they will require an LDAP identity store.

CA SiteMinder or LDAP

Skip this step if you are you are using a Policy Manager CA SiteMinder or LDAP Identity System that you have integrated and configured to support Single Sign-On as the Identity System will already display on the list of available domains in the Resource Owner Authentication Domain drop-down list in the Admin > Add Domain > OAuth Provider wizard (Grant Types tab).

To configure an LDAP Resource Owner Domain:
  1. The LDAP Resource Owner Domain is preinstalled and is available for selection when you configure the OAuth Provider domain. Continue to Step 2.

Step 2: Configure OAuth Provider Domain

Performed by: Site Administrator / API Provider

After configuring your Resource Owner Domain, the second step is to configure an OAuth Provider domain.

To configure an OAuth Provider domain:
  1. Follow the steps in How do I set up and configure an OAuth Provider domain? and then continue with Step 3.

Step 3: Configure API with OAuth Provider

Performed by: API Provider

After the Site Administrator / API Provider configures the Resource Owner and OAuth Provider domains, they are available on the API > Details page via the OAuth Details function.

To configure OAuth for your API:
  1. Follow the steps in How do I configure my API with an OAuth Provider? and then continue with Step 4.

Step 4: Configure OAuth Security Credentials for App

Performed by: App Developer

To configure your app with OAuth:
  1. Perform How do I configure OAuth credentials? and continue to Step 5.

Step 5: Test OAuth Configuration

Performed by: App Developer

To test authorizing your app with OAuth and send a request:
  1. Perform How do I test authorization of my app with OAuth using the Dev Console?

Back to top