
Setting up an OAuth 2.0 Authorization Server

Preconditions

  • nevisMeta is set up. For more information, see the chapter Setting up a nevisMeta Instance.
  • The nevisAuth host is able to reach the nevisMeta API.
  • An OAuth 2.0 setup is defined.
    • The OAuth 2.0 setup is defined with the nevisMeta Web Console pattern.
    • The ID of the setup is available to configure the AuthorizationServer AuthState.
  • You need a Realm pattern that defines the process for initial authentication.

Realm Patterns

You can add a new Realm pattern, or reuse an existing Realm pattern. The OAuth 2.0 Authorization Server / OpenID Provider pattern just exposes the realm as an authentication service via nevisProxy.

If you add a new pattern, you can pick any kind of Realm pattern. The Authentication Realm is usually the most convenient choice because it offers many standardized configuration options.

Quick Start

This quick start shows how to set up an OAuth 2.0 Authorization Server. This quick start is kept as simple as possible for illustration purposes.

Be aware of the following potential issues:

  • Certificate rollover is not supported yet.

Perform the following steps:

  1. Add an OAuth 2.0 Authorization Server / OpenID Provider pattern. Configure the pattern as follows:
    1. Enter a value for the authorization endpoint in the Authorization Path field, or use the default.
    2. Enter a value for the token endpoint in the Token Path field, or use the default.
    3. Configure the signer in the Signer field, by assigning an (Automatic) Key Store pattern.
    4. Assign a Virtual Host pattern to the Virtual Host field. The assigned Virtual Host pattern defines where to make the frontend path accessible.
    5. In the Authentication Realm field, specify an Authentication Realm pattern that provides the authentication flow.
    6. In the nevisMeta tab:
      1. Select the corresponding nevisMeta Instance (Connector) pattern in the nevisMeta field.
      2. Set the ID of the OAuth 2.0 setup in nevisMeta in the Setup ID field.

The following figure shows the required patterns in an example configuration:

Figure: Setting up an OAuth 2.0 Authorization Server - Basic

Figure: Setting up an OAuth 2.0 Authorization Server - nevisMeta