OAuth2 Client Access Tokens

This administrative utility allows for the maintenance of OAuth2 authentication tokens received from remote servers. 

The key purpose of OAuth2 authentication is to provide additional security when accessing remote sites, without the need to pass authentication credentials such as your user name and password with every request for data.  The authentication is performed once, and a token is provided to the calling application to use for subsequent calls.  Each token is expected to have a lifetime defined on the remote server.  This provides for automatic expiration of the tokens.  Following expiration, action must be taken by the calling user or program to reauthenticate and receive a fresh token.

Before configuring the feature, make sure your Apache Tomcat application server configuration file has the appropriate mount points for the OAuth2 connection.  They will be similar to the following entries, with your instance’s <instance name> and <tomcat service name> substituted:

 

JkMount /<instance name>/Oauth2 <tomcat service name>

JkMount /<instance name>/Oauth2/* <tomcat service name>

You enter the utility via Client Access Tokens, which is under the Advanced administration tab.

You will see a list of existing tokens and their expiry time.

Note that expired tokens show with their expiration date in red, while valid tokens appear in green.

To set up a new token, click the add button and simply insert the URL to the remote server, including the name of the installation.  For example, if you access your installation with a URL of https://www.mycompany.com/evj/ExtraView, the entry to create a new token will be https://www.mycompany.com/evj.  The new token will be displayed along with its expiration date and time.

One point to be aware of is that the OAuth2 protocol is only specified to work with https connections, not with http.  However, if you or your users want to take advantage of a redirect configured within the web server, from http to https, then this is allowable, as long as the remainder of the address is the same.  For security reasons, ExtraView will not allow a redirect from an address on one domain to a different domain.
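The redirect rule described above can be written as a small check. This is an added example, not ExtraView's own code; the function name redirect_allowed, the strict comparison of port, path and query, and the sample URLs are assumptions.

```python
from urllib.parse import urlsplit


def redirect_allowed(requested: str, location: str) -> bool:
    """True if a redirect from `requested` to `location` fits the rule above.

    Assumed reading of the rule: the target must be https, the host must be
    identical, and port, path and query must be unchanged.
    """
    try:
        src, dst = urlsplit(requested), urlsplit(location)
        src_port, dst_port = src.port, dst.port  # raises ValueError if malformed
    except ValueError:
        return False

    if src.scheme not in ("http", "https") or dst.scheme != "https":
        return False
    # Credentials in the target ("https://good.example@other.example/") can
    # disguise the real host, so refuse them outright.
    if dst.username is not None or dst.password is not None:
        return False
    # urlsplit lower-cases the host name, so this comparison ignores case.
    if not src.hostname or src.hostname != dst.hostname:
        return False
    return (
        src_port == dst_port
        and (src.path or "/") == (dst.path or "/")
        and src.query == dst.query
    )


# Constructed sample redirects; the second host name is a placeholder.
SAMPLES = [
    ("http://www.mycompany.com/evj", "https://www.mycompany.com/evj"),
    ("http://www.mycompany.com/evj", "https://www.mycompany.com/other"),
    ("http://www.mycompany.com/evj", "https://login.example.net/evj"),
    ("http://www.mycompany.com/evj", "https://www.mycompany.com@login.example.net/evj"),
    ("https://www.mycompany.com/evj", "http://www.mycompany.com/evj"),
]

if __name__ == "__main__":
    for requested, location in SAMPLES:
        verdict = "allow" if redirect_allowed(requested, location) else "reject"
        print(f"{verdict:6}  {requested} -> {location}")
```

Only the first sample is allowed; the others change the path, change the domain, hide a different host behind a user-info prefix, or downgrade from https to http.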

Also on this screen is a button with the title Delete Expired Tokens.  This allows the administrator to delete all the expired tokens from the database.  Tokens have no purpose once they have expired, and this option simply cleans up the database entries for the expired tokens.