Using OAuth 2.0 for Authentication
For secure access to the APIs, the Aruba Central API Framework plug-in supports the OAuth protocol for authentication and authorization. OAuth 2.0 is a simple and secure authorization framework. It allows applications to acquire an access token for Aruba Central through a variety of workflows supported within the OAuth 2.0 specification.
All OAuth 2.0 requests must use the SSL endpoint available at https://apigw-<FQDN of the Aruba Central instance>/swagger/central.
Access and Refresh Tokens
The access token is a string that identifies a user, app, or web page and is used by the app to access an API. Access tokens provide temporary and secure access to the APIs.
The access tokens have a limited lifetime. If the application uses web server or user-agent OAuth authentication flows, a refresh token is provided during authorization that can be used to get a new access token.
If you are writing a long-running application (web app) or a native mobile application, you should refresh the token periodically. For more information, see Refreshing a token.
This section includes the following topics:
Obtaining Access Token
Users can generate the OAuth token using one of the following methods:
Obtaining Token Using Offline Token Mechanism
Obtaining Token Using OAuth Grant Mechanism
Accessing APIs
To access the API, use the following URL:
https://apigw-<FQDN of the Aruba Central instance>/
This endpoint is accessible over SSL, and HTTP (non-SSL) connections are redirected to the SSL port.

URL | Description
---|---
https://apigw-<FQDN of the Aruba Central instance>/ | The API gateway URL. All APIs can be accessed from this URL by providing a correct access token.

The parameters for the API are as follows:

Parameter | Value | Description
---|---|---
request_path | URL Path | URL path of an API, for example, to access monitoring APIs, use the path /monitoring/v1/aps.

Header | Value | Description
---|---|---
Authorization | Bearer ouzMaXEBbB6XqGtsWomK7MvaTuhrqDQ1 | Pass the access token in the header.

Example
:https://apigw-<FQDN of the Aruba Central instance>/monitoring/v1/aps
:
: Bearer ouzMaXEBbB6XqGtsWomK7MvaTuhrqDQ1
{
  "aps": [
    {
      "firmware_version": "6.4.4.4-4.2.3.1_54637",
      "group_name": "00TestVRK",
      "ip_address": "10.29.18.195",
      "labels": [
        "Filter_242",
        "Ziaomof",
        "roster",
        "242455",
        "Diegso"
      ],
      "macaddr": "6c:f3:7f:c3:5d:92",
      "model": "AP-134",
      "name": "6c:f3:7f:c3:5d:92",
      "radios": [
        {
          "band": 0,
          "index": 1,
          "macaddr": "6c:f3:7f:b5:d9:20",
          "status": "Down"
        },
        {
          "band": 1,
          "index": 0,
          "macaddr": "6c:f3:7f:b5:d9:30",
          "status": "Down"
        }
      ],
      "serial": "AX0140586",
      "status": "Down",
      "swarm_id": "e3bf1ba201a6f85f4b5eaedeead5e502d85a9aef58d8e1d8a0",
      "swarm_master": true
    }
  ],
  "count": 1
}
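
The gateway redirects plain HTTP to the SSL port, but a client that sends its first request over HTTP has already put the bearer token on the wire unencrypted. The following is an added example, not code from the Aruba documentation: a Python client that refuses non-HTTPS gateway URLs, keeps the token out of logs, and does not follow redirects with the Authorization header attached. The function names, the gateway host and the token are hypothetical, constructed placeholders.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Constructed placeholder, not a real Aruba Central gateway host.
GATEWAY = "https://apigw-central.example.net/"

def build_api_request(gateway, request_path, access_token):
    """Build the gateway request, refusing anything that is not HTTPS."""
    parts = urlsplit(gateway)
    # An HTTP-to-HTTPS redirect arrives only after the first request, and
    # its Authorization header, has already been sent in clear text.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("gateway must be an https:// URL")
    if not request_path.startswith("/"):
        raise ValueError("request_path must look like /monitoring/v1/aps")
    # Whitespace (including CR/LF) in a token would allow header injection.
    if not access_token or any(c.isspace() for c in access_token):
        raise ValueError("access token is empty or contains whitespace")
    url = f"https://{parts.netloc}{request_path}"
    return urllib.request.Request(url, headers={
        "Authorization": f"Bearer {access_token}",
        "Accept": "application/json",
    })

def redact(request):
    """Header view that is safe to log: only 4 token characters are kept."""
    shown = dict(request.header_items())
    scheme, _, token = shown.get("Authorization", "").partition(" ")
    if token:
        shown["Authorization"] = f"{scheme} {token[:4]}...[redacted]"
    return shown

class NoRedirect(urllib.request.HTTPRedirectHandler):
    """urllib copies request headers, Authorization included, onto the
    redirected request; returning None turns a 3xx into an HTTPError."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def call_api(gateway, request_path, access_token, timeout=10):
    """Send the request without following redirects; return parsed JSON."""
    opener = urllib.request.build_opener(NoRedirect)
    req = build_api_request(gateway, request_path, access_token)
    with opener.open(req, timeout=timeout) as resp:
        return json.loads(resp.read())
```
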
Viewing and Revoking Tokens
To view or revoke tokens, complete the following steps:
1. In the page, under , click .
The page is displayed.
2. Click . The table displays the following:
—Token ID of the application.
—Name of the user with whom this token is associated. An application can be associated with multiple users.
—Name of the application with which this token is associated. For example, Network Operations.
—Date on which the token was generated.
—Click and click to revoke the token associated with a particular user. For example, if two users are associated with an application and you want to remove access for a particular user, revoke the token associated with that user.
—Click to download the token.
The admin user profile has tab which displays all the apps and tokens generated in all non-admin user profiles in addition to the apps and tokens created in the admin user profile. To view all the tokens of admin and non-admin user, go to .
Adding a New Token
To add a new token, complete the following steps:
1. In the page, under , click .
The page is displayed.
2. Click .
The admin user can create new tokens for all non-admin users by clicking in the tab.
3. Click to add a new token.
4. Enter the application name in the box and click .
If you have registered a custom URI when creating a new app under , the option is disabled for you in the tab . In such cases, the option in under populates your already registered URI.