MobileFirst 7.1 OAuth Token Request

Question

I am trying to use MobileFirst Server as a OAuth Server. The knowledge center provide detail step on how any external application can validate the token sent by Mobile client via MobileFirst Token validator end point. But not able to find proper documentation for request a new authorization token from mobile client from MFP Server.

In development environment we have a testtoken endpoint.

http://localhost:10080/OAuthExternalServer/authorization/v1/testtoken

{ "Authorization": "Bearer eyJqcG ......... }

How to get similar token from MFP production server on mobile client.

MFP Version: Server version: 7.1.0.00.20170330-0917

Thanks

Kavitha Varadarajan Kavitha Varadarajan · Accepted Answer · 2017-05-26T03:39:56

With the OAuth security model, MFP server is your OAuth token provider. Upon completing the challenge server gives you an OAuth token. You need not do anything special in the ChallengeHandler for OAuth token. Refer to the samples here: https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.1‌/authentication-security/

If you are looking to use OAUTH for authenticating an external resource , refer the steps here https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.0/authentication-security/using-mobilefirst-server-authenticate-external-resources/

Here is an example token validator which uses introspectionData to validate https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/8.0/authentication-and-security/protecting-external-resources/jtv/

Basically Introspection Endpoint can be invoked to validate the token provided by MFP server

General OAuth flow with 7.1 for a default flow can be referred here https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.0/authentication-security/authentication-concepts/oauth-based-security-model/ .

MobileFirst 7.1 OAuth Token Request

1 Answers