{"id":76,"date":"2022-02-21T14:05:00","date_gmt":"2022-02-21T14:05:00","guid":{"rendered":"https:\/\/amlen.org\/?p=76"},"modified":"2022-02-21T14:13:26","modified_gmt":"2022-02-21T14:13:26","slug":"the-long-winded-guide-to-setting-up-amlen-oauth2","status":"publish","type":"post","link":"https:\/\/amlen.org\/index.php\/2022\/02\/21\/the-long-winded-guide-to-setting-up-amlen-oauth2\/","title":{"rendered":"The Long-Winded Guide to setting up Amlen: OAuth2"},"content":{"rendered":"\n

This is a section of a multi-part guide to setting up the Amlen Message Broker. If you want to see the other parts check out the Introduction\/Contents<\/a>.<\/p>\n\n\n\n


We’ve previously looked at authenticating client using client certificates and using an LDAP server but let’s have a brief look at a third way: OAuth2 which tends to be used in Web\/Mobile use cases rather than traditional IoT.<\/p>\n\n\n\n

In OAuth2, before connecting to Amlen, sends credentials to an OAuth2 server and receives a token. It then connects to Amlen using the username IMA_OAUTH_ACCESS_TOKEN and supplies the token as the password. Amlen then verifies this token with the OAuth2 server and is told the username (and optional groups) that the token corresponds to.<\/p>\n\n\n\n

OAuth2 allows Amlen to delegate the authentication to the OAuth2 server – it traditionally allows multiple services to have a shared single sign-on infrastructure but you can also view it as like an “authentication plugin” system for Amlen with Amlen communicating to the custom authentication logic over https.

There is a tiny example python OAuth2 server here:
https:\/\/github.com\/jonquark\/messagesight-demos-docker\/tree\/master\/pythonOAuthServer<\/a><\/p>\n\n\n\n

Because we have already covered LDAP and the setup is very similar I won’t go into detail – but make sure that the security profile that you use has the OAuth2 profile and password authentication turned on.<\/p>\n\n\n\n

Next we’ll take a look at some policies in Amlen….but that installment is yet to be published.<\/p>\n","protected":false},"excerpt":{"rendered":"

This is a section of a multi-part guide to setting up the Amlen Message Broker. If you want to see the other parts check out the Introduction\/Contents. We’ve previously looked at authenticating client using client certificates and using an LDAP server but let’s have a brief look at a third way: OAuth2 which tends to… Continue reading The Long-Winded Guide to setting up Amlen: OAuth2<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-76","post","type-post","status-publish","format-standard","hentry","category-uncategorised","entry"],"_links":{"self":[{"href":"https:\/\/amlen.org\/index.php\/wp-json\/wp\/v2\/posts\/76","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/amlen.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/amlen.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/amlen.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/amlen.org\/index.php\/wp-json\/wp\/v2\/comments?post=76"}],"version-history":[{"count":3,"href":"https:\/\/amlen.org\/index.php\/wp-json\/wp\/v2\/posts\/76\/revisions"}],"predecessor-version":[{"id":110,"href":"https:\/\/amlen.org\/index.php\/wp-json\/wp\/v2\/posts\/76\/revisions\/110"}],"wp:attachment":[{"href":"https:\/\/amlen.org\/index.php\/wp-json\/wp\/v2\/media?parent=76"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/amlen.org\/index.php\/wp-json\/wp\/v2\/categories?post=76"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/amlen.org\/index.php\/wp-json\/wp\/v2\/tags?post=76"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}