Authorization Management Commands
Once client applications are registered with the OAuth provider in HCL Connections, they are allowed to request authorization from Connections users to access and interact with their data. Connections administrators can run wsadmin commands to manage authorizations issued to registered client applications, in order to revoke authorizations granted to malicious applications, or to remove a compromised access token.
Launching the wsadmin shell
Administrators can launch the wsadmin shell by running oauthAdmin.py as follows:wsadmin>execfile('oauthAdmin.py')
Once the OAuth Administration successfully starts, the
admin object OAuthAuthorizationService becomes available: Connecting to WebSphere:name=OAuthApplicationRegistrationService,type=LotusConnections,cell=guadalupeNode02Cell,node=guadalupeNode02,*
OAuth Administration initialized.
The following commands are available:Get an authorization
- OAuthAuthorizationService.getAuthorizationsById(String authorizationId)
- Administrators can retrieve an authorization by id by running
this command. The command takes the argument authorizationId The
identifier of the authorization, for example:
wsadmin>OAuthAuthorizationService.getAuthorizationsById('Cc4sBWo0p9PgDTjiFv0ddEMoCSkHViWFXMNlEpRr')
This command prints details about the authorization.
{token=Cc4sBWo0p9PgDTjiFv0ddEMoCSkHViWFXMNlEpRr, redirect_uri=https://renovations.ca.ibm.com:9445/oauthclient/redirect.jsp, id=Cc4sBWo0p9PgDTjiFv0ddEMoCSkHViWFXMNlEpRr, username=aalain, client_id=notes-ee}
Browse authorizations by granting user
- OAuthAuthorizationService.browseAuthorizationsByUser(String username)
- Takes the argument username. The username, such as the Java EE principal associated with the desired granting user.
Revoke an authorization
- OAuthAuthorizationService.revokeAuthorization(String authorizationId)
- An administrators can revoke a compromised authorization by id executing this command. It takes the argument:
Revoke authorizations by granting user
- OAuthAuthorizationService.revokeAuthorizationsByUser(String username)
- An administrator can revoke all authorizations granted by a user by running this command. It takes the argument:
Revoke authorizations by granted application
- OAuthAuthorizationService.revokeAuthorizationsByApplication(String username, String appId)
- An administrator can revoke all authorizations granted to an application by a user by running this command.