13.3. Registering OAuth 2.0 Clients With the Authorization Service

You register an OAuth 2.0 client with the OpenAM OAuth 2.0 authorization service by creating and configuring an OAuth 2.0 Client agent profile.

At a minimum, you must have the client identifier and client password to register your OAuth 2.0 client.

Procedure 13.2. To Create an OAuth 2.0 Client Agent Profile

  • Use either of these two facilities.

    • In the OpenAM console, access the client registration endpoint at /oauth2/registerClient.jsp.

      The full URL depends on where you deployed OpenAM. For example, https://openam.example.com:8443/openam/oauth2/registerClient.jsp.

      The Register a Client page lets you quickly create and configure an OAuth 2.0 client in a simple web page without inline help.

    • In the OpenAM console under Access Control > Realm Name > Agents > OAuth 2.0 Client > Agent, click New, then provide the client identifier and client password, and finally click Create to create the profile.

      This page requires that you perform additional configuration separately.

Procedure 13.3. To Configure an OAuth 2.0 Client Agent Profile

After initially registering or creating a client agent profile, configure it as necessary.

  1. In the OpenAM console, browse to Access Control > Realm Name > Agents > OAuth 2.0 Client > Agent > Client Name to open the Edit Client Name page.

  2. Adjust the configuration as needed using the inline help for hints, and also the documentation section Configuring OAuth 2.0 & OpenID Connect 1.0 Clients.

    Examine the client type option. An important decision to make at this point is whether your client is a confidential client or a public client. This depends on whether your client can keep its credentials confidential, or whether its credentials can be exposed to the resource owner or other parties. If your client is a web-based application running on a server, such as the OpenAM OAuth 2.0 client, then you can keep its credentials confidential. If your client is a user-agent based client, such as a JavaScript client running in a browser, or a native application installed on a device used by the resource owner, then yours is a public client.

  3. When finished, Save your work.
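
The client type chosen in step 2 determines how the client presents itself when it exchanges an authorization code for a token. The following is an added example, not part of the OpenAM documentation or code: it follows RFC 6749 (sections 2.3.1 and 4.1.3), and the function name, client identifier, password, and redirect URI are constructed for illustration.

```python
import base64
from urllib.parse import quote_plus, urlencode

CONFIDENTIAL, PUBLIC = "confidential", "public"


def build_token_request(client_type, client_id, code, redirect_uri, client_secret=None):
    """Return (headers, body) for an authorization-code token request."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    params = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    }

    if client_type == CONFIDENTIAL:
        if not client_secret:
            raise ValueError("confidential client must authenticate with its password")
        # RFC 6749 2.3.1: form-encode identifier and password before Basic
        # encoding, so a ':' or '%' in either value cannot shift the split point.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        token = base64.b64encode(pair.encode("utf-8")).decode("ascii")
        headers["Authorization"] = "Basic " + token
    elif client_type == PUBLIC:
        if client_secret is not None:
            # Anything shipped in browser JavaScript or a native app can be read
            # by the resource owner, so a password here protects nothing.
            raise ValueError("public client must not carry a client password")
        # The identifier names the client; it does not authenticate it.
        params["client_id"] = client_id
    else:
        raise ValueError(f"unknown client type: {client_type!r}")

    return headers, urlencode(params)


if __name__ == "__main__":
    # Constructed sample values.
    for kind, secret in ((CONFIDENTIAL, "p:ss%word"), (PUBLIC, None)):
        hdrs, body = build_token_request(
            kind, "myClient", "abc123", "https://client.example.com/cb", secret
        )
        print(kind, hdrs.get("Authorization", "(no Authorization header)"), body)
```

Only the confidential request proves the client's identity to the authorization service; the public request can be reproduced by anyone who knows the client identifier.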