Chapter 4. Configuring OAuth clients

Procedure

• To register additional OAuth clients:

  $ oc create -f <(echo '
  kind: OAuthClient
  apiVersion: oauth.openshift.io/v1
  metadata:
   name: demo 

  1

  
  secret: "..." 

  2

  
  redirectURIs:
   - "http://www.example.com/" 

  3

  
  grantMethod: prompt 

  4

  
  ')

  Copy to Clipboard Toggle word wrap

  1

  The name of the OAuth client is used as the client_id parameter when making requests to <namespace_route>/oauth/authorize and <namespace_route>/oauth/token.

  2

  The secret is used as the client_secret parameter when making requests to <namespace_route>/oauth/token.

  3

  The redirect_uri parameter specified in requests to <namespace_route>/oauth/authorize and <namespace_route>/oauth/token must be equal to or prefixed by one of the URIs listed in the redirectURIs parameter value.

  4

  The grantMethod is used to determine what action to take when this client requests tokens and has not yet been granted access by the user. Specify auto to automatically approve the grant and retry the request, or prompt to prompt the user to approve or deny the grant.

Prerequisites

• You have access to the cluster as a user with the cluster-admin role.
• You have configured an identity provider (IDP).

Procedure

• Update the OAuthClient configuration to set a token inactivity timeout.

  1. Edit the OAuthClient object:

     $ oc edit oauthclient <oauth_client> 

     1

     Copy to Clipboard Toggle word wrap

     1

     Replace <oauth_client> with the OAuth client to configure, for example, console.

     Add the accessTokenInactivityTimeoutSeconds field and set your timeout value:

     apiVersion: oauth.openshift.io/v1
     grantMethod: auto
     kind: OAuthClient
     metadata:
     ...
     accessTokenInactivityTimeoutSeconds: 600 

     1

     Copy to Clipboard Toggle word wrap

     1

     The minimum allowed timeout value in seconds is 300.

  2. Save the file to apply the changes.