Forum Discussion

Alex_Nimo_26616
Jan 30, 2019

APM OAuth clientless mode

Hi,

We currently have the following setup:

The client (not a web browser) sends a POST request to an internal OAuth server with the following parameters:

username: some_user
password: some_pass
scope: some_scope
grant_type: some_grant

If the client passes the authentication, he receives a bearer access token, which is inserted into the header of the response. Then he can access and use the REST API.

We want to integrate F5 into the current scenario so it will act as a client/resource provider (I hope those are the right terms) and will then check the validity of the access token. I'm pretty new to all of the terms and the process of getting an access token. I have read a couple of posts on DevCentral, guides on F5 CloudDocs and on AskF5, and started to play around with it. These are the resources I've used so far:

https://devcentral.f5.com/questions/apm-authentication-for-a-sessionless-and-clientless-api-62162

https://clouddocs.f5.com/training/community/iam/html/class2/module1/module1.html

https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/big-ip-access-policy-manager-single-sign-on-concepts-configuration-14-1-0/04.html

https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/big-ip-access-policy-manager-authentication-and-single-sign-on-14-0-0/38.html

I have a very general idea of how it's supposed to work:

  1. The client sends a POST request to a VS with APM.
  2. An iRule will check the request and insert clientless mode.
  3. Somehow I need to parse the POST parameters and assign them to the appropriate APM variables.
  4. There must be a provider configuration and a request configuration (with the appropriate variables which were parsed).
  5. F5 requests an access token from the OAuth server and, if successful, inserts a bearer header with the received access token into the response.
  6. The client sends requests to the API, which is configured behind a different VS with a per-request AP that will verify his bearer token and the scope with the OAuth server.

I would like to know if that's something that is possible to achieve, and where and how to start.

Thanks, Alex
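Steps 2 and 3 of the list above (force clientless mode and move the POSTed form fields into APM session variables) can be done in an iRule. The following is an added example, not code from the post or from F5; the `/token` path, the `session.custom.oauth.*` variable names, and the assumption that the OAuth Client agent in the access policy reads the resource-owner credentials from `session.logon.last.username` / `session.logon.last.password` should be checked against your own policy configuration.

```tcl
# Added example iRule: put the APM-fronted virtual server into clientless mode
# for the token endpoint and hand the POSTed OAuth parameters to the access policy.
when HTTP_REQUEST {
    # Only the token request is handled here; anything else passes through untouched.
    if { [HTTP::method] eq "POST" && [HTTP::path] eq "/token" } {
        # Tells APM not to redirect to a logon page (no browser on the other end).
        HTTP::header insert "clientless-mode" "1"
        # Buffer the form body so it can be parsed in HTTP_REQUEST_DATA.
        if { [HTTP::header exists "Content-Length"] } {
            HTTP::collect [HTTP::header "Content-Length"]
        } else {
            HTTP::respond 411 content "Content-Length required"
        }
    }
}

when HTTP_REQUEST_DATA {
    # Parse application/x-www-form-urlencoded key=value pairs into a Tcl array.
    array set oauth_form {}
    foreach pair [split [HTTP::payload] "&"] {
        set kv [split $pair "="]
        if { [llength $kv] == 2 } {
            set oauth_form([URI::decode [lindex $kv 0]]) [URI::decode [lindex $kv 1]]
        }
    }
    # Reject early if the mandatory fields are absent instead of starting a session.
    if { ![info exists oauth_form(username)] || ![info exists oauth_form(password)] } {
        HTTP::respond 400 content "username and password are required"
        return
    }
    HTTP::release
}

when ACCESS_SESSION_STARTED {
    # Assumption: the OAuth Client agent uses session.logon.last.* for the
    # resource-owner password grant. Store the password with -secure so it is
    # not written to the APM logs.
    if { [info exists oauth_form(username)] } {
        ACCESS::session data set "session.logon.last.username" $oauth_form(username)
        ACCESS::session data set -secure "session.logon.last.password" $oauth_form(password)
        # Scope and grant type go into custom variables for the policy to reference.
        if { [info exists oauth_form(scope)] } {
            ACCESS::session data set "session.custom.oauth.scope" $oauth_form(scope)
        }
        if { [info exists oauth_form(grant_type)] } {
            ACCESS::session data set "session.custom.oauth.grant_type" $oauth_form(grant_type)
        }
    }
}
```

The token request itself (step 5) is made by the OAuth Client agent configured in the access policy, and the resource-server check (step 6) by the OAuth Scope agent in the per-request policy; the iRule only supplies the variables those agents consume.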