Trouble with OAuth2 Authorization supplying JWT token
I've spent days now racking my head trying to get this to work. I have a client who needs the BIG-IP just to supply a JSON Web Token through OAuth2 Authorization on APM to an API client. They are not using a Resource server; they just want the token and their custom API will do the rest. I've configured the Access Profile and yet anything I do always comes back with the following log entry:
/Common/oath-auth-profile_act_oauth_authz_ag: OAuth mode not set for Authorization Agent: OAuth profile is not configured for this access profile.
There is no setting on the OAuth profile to enter the type of OAuth mode, just the OAuth Client Application (which they will not be using, as they want to use direct API access to request the token).
The https logon page displays correctly (for testing) and the LDAP auth works. Once it gets to the OAuth Authorization it immediately fails and enters the above into the apm.log.
Any help would be greatly appreciated.
- Walter_Kacynski (Cirrostratus)
OK, I had this problem. The OAuth Authorization agent requires an HTTP POST to the uri-path specified on the profile from an OAuth2 Client. That client can be another application like Postman, Java, .NET, Node, etc., or another BIG-IP access policy (OAuth Client agent).
- Marvin (Cirrocumulus)
Hi Walter, could you share some more details on how to craft such a POST call to test the OAuth authorization server?
- Marvin (Cirrocumulus)
You should include the username and password in the payload to authenticate on the F5 logon page and afterwards include an authorization code and with that receive the JSON Web Token (JWT), if I am correct...
- Marvin (Cirrocumulus)
Already have the answer: use Postman and select Type OAuth request 2.0 and fill in the client secret and ID and you are good to go!
- dromero (Nimbostratus)
Hi,
I would like to configure the same as Arno_Kobarg_623. However, we don't know how to configure Postman to include the username and password in the payload to authenticate on the F5 logon page and afterwards include an authorization code to receive the JSON JWT.
I can select Type OAuth 2.0 in Postman and fill in the client secret and ID, but afterwards I see the logon page, where I would like to include the username and password instead of filling in the logon page.
Thanks!!
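Added example, not part of the original thread and not F5's own code: one standard way to carry the username and password in the POST payload is the resource owner password credentials grant of RFC 6749 section 4.3, sketched here on the assumption that this grant type is enabled for the client application. The host, token uri-path, client ID and secret, user credentials and the sample token response are constructed placeholders.

```python
import base64
import json
import urllib.parse
import urllib.request


def build_token_request(token_url, client_id, client_secret,
                        username, password, scope=None):
    """Build (without sending) an RFC 6749 section 4.3 token request."""
    form = {"grant_type": "password", "username": username, "password": password}
    if scope:
        form["scope"] = scope
    body = urllib.parse.urlencode(form).encode("ascii")
    # The client authenticates with HTTP Basic (RFC 6749 section 2.3.1).
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded",
               "Accept": "application/json"}
    return urllib.request.Request(token_url, data=body, headers=headers, method="POST")


def b64url_decode(segment):
    """Decode a base64url segment whose '=' padding was stripped."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims_unverified(token_response_json):
    """Return (header, claims) of access_token for inspection; signature NOT checked."""
    token = json.loads(token_response_json)["access_token"]
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("access_token is not a compact JWT (opaque token?)")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))


def b64url(obj):
    """Encode a dict as an unpadded base64url JSON segment (sample data only)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample response; the signature segment is a dummy value.
SAMPLE_RESPONSE = json.dumps({
    "token_type": "Bearer", "expires_in": 300,
    "access_token": ".".join([b64url({"alg": "RS256", "typ": "JWT"}),
                              b64url({"iss": "https://bigip.example.com", "sub": "jdoe"}),
                              "c2ln"])})

if __name__ == "__main__":
    # Placeholder host, token path and credentials; replace with the profile's values.
    req = build_token_request("https://bigip.example.com/TOKEN-URI-PATH",
                              "CLIENT_ID", "CLIENT_SECRET", "jdoe", "p@ss word")
    print(req.get_method(), req.full_url, req.data.decode())
    print(jwt_claims_unverified(SAMPLE_RESPONSE))
```

Passing the returned request to urllib.request.urlopen sends it; the decoded claims are for troubleshooting only, since the consuming API still has to verify the JWT signature.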