Agent Portal authentication
OAuth is an authorization framework that enables the Agent portal to obtain limited access to an HTTP service.
Before you begin
Procedure
- You need to configure the public and private key paths in jwt-settings.xml for your local development workspace and in config.properties for each of your planets.
Example:
  <JWTSettings>
    <Param Name="TokenIssuer" Value="Guidewire Software Inc." />
    <Param Name="PublicKeyPath" Value="${SPI.getPrefsDir()}mda/jwt/public.pem" />
    <Param Name="PrivateKeyPath" Value="${SPI.getPrefsDir()}mda/jwt/private_pkcs8.der" />
    <Param Name="UserNameClaimMapping" Value="sub" />
  </JWTSettings>
- Configure clients in web/APP-INF/mda/oauth/clients.xml. A client must be configured for each client application using OAuth.
  Option: Description
  - ClientId: Must be set to a value that uniquely identifies the client. Note: Only public clients are supported.
  - GrantTypes: Comma separated list of grant types allowed for the client, including:
    - Authorization Code
    - Implicit
  - AccessTokenExpirationTime: Expiration time of the access token in minutes. When the token expires, the user must log in again to get a new token. Note: Refresh tokens are not supported.
  - RedirectUris: Comma separated list of allowed redirect URIs for the client.
    - Redirection endpoint URI must be an absolute URI as defined by [RFC3986] Section 4.3.
    - Endpoint URI can include an "application/x-www-form-urlencoded" formatted query component, which must be retained when adding additional query parameters. For details, see Appendix B and [RFC3986] Section 3.4.
    - Endpoint URI must not include a fragment component.
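The RedirectUris rules above can be checked before a client entry is deployed. The following Python sketch is an added example, not Guidewire code: the function names and the sample URIs (agent.example.com) are constructed for illustration, and it only assumes the comma separated format described above.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode


def check_redirect_uri(uri):
    """Return the rule violations for one RedirectUris entry (empty list = OK)."""
    problems = []
    parts = urlsplit(uri)
    # Rule 1: must be an absolute URI (RFC 3986 Section 4.3), so a scheme is
    # required, and for http/https a host as well.
    if not parts.scheme:
        problems.append("not absolute: missing scheme")
    elif parts.scheme in ("http", "https") and not parts.netloc:
        problems.append("not absolute: missing host")
    # Rule 3: no fragment component, not even an empty one ("...#").
    if "#" in uri:
        problems.append("contains a fragment component")
    return problems


def check_redirect_uris(value):
    """Validate a comma separated RedirectUris value; map bad URIs to problems."""
    report = {}
    for entry in (e.strip() for e in value.split(",")):
        if entry:
            problems = check_redirect_uri(entry)
            if problems:
                report[entry] = problems
    return report


def add_params(registered_uri, params):
    """Rule 2: append response parameters while retaining the registered query."""
    parts = urlsplit(registered_uri)
    query = parse_qsl(parts.query, keep_blank_values=True) + list(params.items())
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    # Constructed sample value: one valid entry and two that break the rules.
    sample = ("https://agent.example.com/cb?tenant=acme, "
              "/portal/callback, https://agent.example.com/cb#done")
    for uri, problems in check_redirect_uris(sample).items():
        print(uri, "->", "; ".join(problems))
    print(add_params("https://agent.example.com/cb?tenant=acme",
                     {"code": "abc", "state": "xyz"}))
```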