The ImportOAuth program
Use the ImportOAuth program to register the mandatory URL endpoints based on the OAuth2 identity provider (IdP) URL.
- Register a new OAuth2 identity provider (IdP).
- List all registered OAuth2 IdPs.
- Remove an OAuth2 IdP identified by its URI.
The ImportOAuth.4gl source code is provided in $FGLDIR/web_utilities/services/openid-connect/src/, and the compiled version is in the bin directory.
Syntax
ImportOAuth [ options ] IdP
- options are described in Table 1.
- IdP is the URL of an OAuth2 identity provider.
The ImportOAuth tool command line follows the convention of other Genero command line tools for both short and long versions of options.
Option | Description | Usage example |
---|---|---|
-h, --help | Display help with the command. | fglrun ImportOAuth -h |
-l, --list | List all imported IdPs stored in the database. | fglrun ImportOAuth -l |
-r, --remove | Remove the OAuth2 entry for the specified IdP from the database. | fglrun ImportOAuth -r https://www.instagram.com |
-i, --import | Import the IdP endpoints and register them in the database for OAuth2. | See Import option usage example |
-a, --authz IdP_endpoint | OAuth2 authorization end point URL (mandatory). | See Import option usage example |
-t, --token IdP_endpoint | OAuth2 token end point URL (mandatory). | See Import option usage example |
-o, --logout IdP_endpoint | OAuth2 logout end point URL (optional). | See Import option usage example |
-k, --keys IdP_endpoint | OAuth2 public JWK keys URL (recommended). Not all OAuth providers have public keys; however, if an IdP public keys URL is available, provide it to get the ID token signature validated. | See Import option usage example |
-p, --profile IdP_endpoint | OAuth2 user profile end point URL (optional). | See Import option usage example |
Import option usage example
This example provides the command for the --import option, using Instagram; line breaks have been added for readability.
fglrun ImportOAuth --import
--authz https://api.instagram.com/oauth/authorize
--token https://api.instagram.com/oauth/access_token
--logout https://instagram.com/accounts/logout
--profile https://api.instagram.com/v1/users/self?
https://www.instagram.com
--authz and --token are mandatory, and the endpoint URLs of the IdP are required:
- --authz URL: mandatory authorization endpoint URL.
- --token URL: mandatory token endpoint URL.
- --logout URL: optional logout endpoint URL.
- --profile URL: optional user profile endpoint URL.
- URL of the IdP: mandatory
Important: The profile URL requires an access_token to get user profile information. In some cases, the access_token must be provided via the query string (for example, Instagram requires it). Therefore, you must add an ending question mark (?) during importation so that OpenID-Connect service providers know how to generate that request.
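A pre-flight check for the endpoint set before running the import, as an added example that is not part of Genero or of ImportOAuth.4gl. The function names, the `token_in_query` parameter and the https-only policy are assumptions of this example; the option names and the Instagram URLs come from the page.

```python
import shlex
from urllib.parse import urlsplit

MANDATORY = ("authz", "token")            # mandatory per the options table
OPTIONAL = ("logout", "keys", "profile")

# Endpoints from the page's Instagram example.
INSTAGRAM_IDP = "https://www.instagram.com"
INSTAGRAM = {
    "authz": "https://api.instagram.com/oauth/authorize",
    "token": "https://api.instagram.com/oauth/access_token",
    "logout": "https://instagram.com/accounts/logout",
    "profile": "https://api.instagram.com/v1/users/self?",
}

def check_endpoints(idp, endpoints, token_in_query=False):
    """Return (errors, warnings) for a planned ImportOAuth --import call."""
    errors, warnings = [], []
    for name in MANDATORY:
        if not endpoints.get(name):
            errors.append(f"--{name} is mandatory")
    for name in endpoints:
        if name not in MANDATORY + OPTIONAL:
            errors.append(f"--{name} is not an endpoint option")
    urls = [("IdP", idp)] + [(f"--{k}", v) for k, v in endpoints.items() if v]
    for label, url in urls:
        parts = urlsplit(url or "")
        # Assumed policy of this example: only absolute https URLs.
        if parts.scheme != "https" or not parts.hostname:
            errors.append(f"{label}: expected an absolute https URL, got {url!r}")
    if not endpoints.get("keys"):
        warnings.append("no --keys URL: ID token signature cannot be validated")
    profile = endpoints.get("profile")
    if profile and token_in_query and not profile.endswith("?"):
        errors.append("--profile must end with '?' (access_token goes in the query string)")
    return errors, warnings

def build_command(idp, endpoints):
    """Build the import command; shlex quotes the '?' (a shell wildcard)."""
    argv = ["fglrun", "ImportOAuth", "--import"]
    for name in MANDATORY + OPTIONAL:
        if endpoints.get(name):
            argv += [f"--{name}", endpoints[name]]
    return shlex.join(argv + [idp])

if __name__ == "__main__":
    errs, warns = check_endpoints(INSTAGRAM_IDP, INSTAGRAM, token_in_query=True)
    print(errs, warns)
    print(build_command(INSTAGRAM_IDP, INSTAGRAM))
```

For the page's Instagram example the check reports no errors and one warning, because no --keys URL is given.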