FortiAuthenticator can act as an authorization server to issue and manage OAuth access tokens via a set of REST API endpoints. An OAuth client is issued an OAuth access token by FortiAuthenticator after successfully providing its login credentials. The OAuth client can then use this access token as proof of authorization to access a third-party service. The third-party service may contact FortiAuthenticator to validate any given OAuth access token.
To enable OAuth service access, enable the Auth Service API (/api/v1/oauth) service on applicable network interface(s) under System > Network > Interfaces.
To configure the OAuth Service settings, go to Authentication > OAuth Service > Settings.
|OAuth Service Settings|
|Auto-generated client secret length||Determines the length of the generated client secret for confidential OAuth applications. The default is set to 128.|
Select OK to apply the changes you have made.
OAuth applications can be managed from Authentication > OAuth Service > Applications.
The OAuth service has a per-configured FortiOS Fabric OAuth application used for Fortinet Security Fabric integration. The FortiOS Fabric application settings should not be changed.
To configure an OAuth application:
- From the OAuth application list, select Create New to add a new OAuth application.
- Enter the following information:
- Confidential: OAuth clients are required to provide the client secret in requests to the OAuth application.
- Public: OAuth clients are not required to provide the client secret in requests to the OAuth application.
- Select OK to create the new OAuth application.
The Create New Application window opens.
|Name||Enter a name for the OAuth application.|
Select the client type for the OAuth application:
Enter a client id for the OAuth application. A generated value is provided by default.
Enter a client secret for the OAuth application. A generated value is provided by default. Only available if Client type is set to Confidential.
Configure the length of the automatically generated value under Authentication > OAuth Service > Settings.
|Access token expiry||Enter a length of time for which OAuth access tokens issued by this application are valid. The default is set to 36000. Access tokens will not expire if the value is set to 0.|