
OAuth 2.0 Dynamic Client Registration

Problem this snippet solves:

OAuth 2.0 is now supported in version 13. Client applications need to be defined manually in the Web UI. We developed an iRule that allows a client application to self-register.

How to use this snippet:

This code calls two external functions: json2dict and HTTP Super SIDEBAND Requestor. Add them to your set of iRules on the BIG-IP before configuring the client app registration service.

json2dict

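# Convert a JSON text into a string usable as a Tcl dict/list.
# The character mapping is applied to the whole text, so commas, colons and
# square brackets inside quoted string values are rewritten as well.
proc json2dict JSONtext {
    string range [
        string trim [
            string trimleft [
                string map {\t {} \n {} \r {} , { } : { } \[ \{ \] \}} $JSONtext
                ] "\uFEFF"
            ]
        ] 1 end-1
}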
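
The json2dict helper above applies its mapping inside quoted values too, so a secret or URI that contains `:` or `,` comes back changed. The following is an added example, not part of the original snippet: the `lossy_strings` proc and the sample response are constructed for illustration and are not taken from the iRule or from the BIG-IP API.

```tcl
# Added example: runs stand-alone in tclsh 8.5 or later.
# json2dict with the page's character mapping; the BOM is written as
# "\uFEFF" so that Tcl substitutes the escape.
proc json2dict JSONtext {
    string range [string trim [string trimleft [
        string map {\t {} \n {} \r {} , { } : { } \[ \{ \] \}} $JSONtext
    ] "\uFEFF"]] 1 end-1
}

# Hypothetical guard: return the JSON string literals that json2dict would
# alter, because the mapping is applied inside quoted values as well.
# Braces are included because they can unbalance the resulting Tcl list.
proc lossy_strings JSONtext {
    set hits {}
    foreach s [regexp -all -inline {"(?:[^"\\]|\\.)*"} $JSONtext] {
        if {[regexp {[,:\[\]{}]} $s]} { lappend hits $s }
    }
    return $hits
}

# Constructed response body; field names and values are made up.
set json {{"client_id": "app-01", "client_secret": "s3cr:et,1",
 "redirect_uris": ["https://app.example.com/cb"], "scope": "read write"}}

set d [json2dict $json]
puts "client_id     = [dict get $d client_id]"
puts "client_secret = [dict get $d client_secret]"
puts "redirect_uri  = [lindex [dict get $d redirect_uris] 0]"
puts "scope         = [dict get $d scope]"

# Compare against the source text before trusting the parsed values.
foreach s [lossy_strings $json] {
    puts "altered by json2dict: $s"
}
```

A value flagged by `lossy_strings` should be extracted from the raw body with a targeted regular expression or a full JSON parser instead of from the json2dict result.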

Workflow

The client application sends the following request:

POST /f5-oauth2/v1/client-register HTTP/1.1
Host: oauthas.example.com
User-Agent: curl/7.47.1
Accept: */*
Content-Length: 29
Content-Type: application/x-www-form-urlencoded

username=user&password=pwd

This request can be sent using cURL (-k disables TLS certificate verification):

curl -k -vvv https://oauthas.example.com/f5-oauth2/v1/client-register -d 'username=user&password=pwd'

Quick notes

The iRule is configured to create Client Applications with Resource Owner Password Credentials Grant (ROPC) mode activated. The iRule needs to be modified to activate other modes.

Update (2018-05-01)

  • Add a way to configure static client_id and client_secret

Update (2018-01-12)

  • URI decode username and password parameters

Update (2017-11-07)

  • Use HTTP::collect to work around issues with a large body

Update (2017-10-25)

  • Enhance JSON result parsing and attribute retrieval

Tested on Version: 13.0

Comments on this Snippet
Comment made 26-Oct-2017 by Herve Bossant 0

Thanks for your contribution and your support. Nice piece of code.

1
Comment made 14-Nov-2017 by Or Yaacov

Nice Code Yann

In addition, 13.1.0.8 will introduce templates registration for client applications through the guided configuration framework. Your automation code is superb. Thanks for posting

0
Comment made 11-May-2018 by Walter Kacynski 973

I can find no code for the guided configuration. I have opened a support case to inquire on its location.

0
Comment made 15-May-2018 by Walter Kacynski 973

Support says that Guided configuration is not yet available.

0
Comment made 08-Aug-2018 by Or Yaacov

@Walter Kacynski, note AGC are available from 13.1.0.8 while re-licensing your APM

0
Comment made 08-Aug-2018 by Walter Kacynski 973

Thanks, I have it available now... but not on LAB licenses :(

0
Comment made 4 months ago by ShawnR 2

Are there any plans to support OID DCR from the official spec?

https://openid.net/specs/openid-connect-registration-1_0.html

0