You can create a client to register a single application with the VMware Identity Manager service and allow user access to that specific application.
About this task
Registering the details of the application identifies the application as a trusted client for the OAuth service.
You register the client ID, client secret, and a redirect URI with VMware Identity Manager service.
- In the administration console Catalog tab, select .
- On the Clients page, click Create Client.
- On the Create Client page, enter the following information about the application.
Options are User Access Token or Service Client Token. Set to Service Client Token. This indicates that the application accesses the APIs on its own behalf, not on behalf of a user.
Enter a unique client identifier that the application uses to authenticate to VMware Identity Manager. The client ID must not match any other client ID in your tenant. The following characters can be used: alphanumeric (A-Z, a-z, 0-9), period (.), underscore (_), hyphen (-), and at sign (@).
Select Identity Manager.
Select the information that the token contains. When you select NAAPS, OpenID is also selected.
Enter the registered redirect URI.
Click Generate Shared Secret to generate a secret that is shared between this service and the application resource service.
Copy and save the client secret to configure in the application setup.
The client secret must be kept confidential. If a deployed app cannot keep the secret confidential, then the secret is not used. The shared secret is not used with Web browser-based applications.
Issue Refresh Token
To use refresh tokens, leave this option enabled.
Select Bearer. This attribute tells the application what type of access token it was given. For VMware Identity Manager, the tokens are bearer tokens.
Access Token TTL
The access token expires after the number of seconds set in Access Token Time-To-Live. If Issue Refresh Token is enabled, when the access token expires the application uses the refresh token to request a new access token.
Refresh Token TTL
Set the Refresh Token time to live. New access tokens can be requested until the refresh token expires.
Idle Token TTL
Configure how long a refresh token can be idle before it cannot be used again.
Do not check Prompt users for access.
- Click Add.
The client configuration is displayed on the OAuth2 Client page.
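The three TTL settings in the procedure above interact: the access token is reused until Access Token TTL elapses, the refresh token is then used only while both Refresh Token TTL and Idle Token TTL permit it, and otherwise the application must authenticate again with its client ID and shared secret. The following Python model is an added example, not VMware code; the token endpoint calls are supplied as callables (`issue`, `refresh`) because the page gives no endpoint details, and the handling of a rotated refresh token is an assumption.

```python
import time
from dataclasses import dataclass
from typing import Optional

@dataclass
class TokenSet:
    access_token: str
    refresh_token: Optional[str]  # None when Issue Refresh Token is disabled
    access_issued: float          # when the current access token was issued
    refresh_issued: float         # when the refresh token was issued (Refresh Token TTL)
    refresh_last_used: float      # last refresh-token use (Idle Token TTL)

class ServiceClientTokens:
    """Picks reuse / refresh / reissue for a Service Client Token under the three TTLs."""

    def __init__(self, issue, refresh, access_ttl: int,
                 refresh_ttl: int, idle_ttl: int, clock=time.time):
        # issue() and refresh(token) are assumed callables returning
        # (access_token, refresh_token_or_None); clock is injectable for testing.
        self.issue, self.refresh, self.clock = issue, refresh, clock
        self.access_ttl, self.refresh_ttl, self.idle_ttl = access_ttl, refresh_ttl, idle_ttl
        self.tokens: Optional[TokenSet] = None

    def decide(self) -> str:
        """Return 'reuse', 'refresh' or 'reissue' for the current moment."""
        now, s = self.clock(), self.tokens
        if s is None:
            return "reissue"                       # nothing cached yet
        if now - s.access_issued < self.access_ttl:
            return "reuse"                         # access token still valid
        if s.refresh_token is None:
            return "reissue"                       # no refresh token was issued
        expired = now - s.refresh_issued >= self.refresh_ttl   # Refresh Token TTL
        idle = now - s.refresh_last_used >= self.idle_ttl      # Idle Token TTL
        return "reissue" if (expired or idle) else "refresh"

    def access_token(self) -> str:
        action, now = self.decide(), self.clock()
        if action == "reuse":
            return self.tokens.access_token
        if action == "refresh":
            s = self.tokens
            s.access_token, new_refresh = self.refresh(s.refresh_token)
            if new_refresh and new_refresh != s.refresh_token:   # assumption: a rotated token restarts its TTL
                s.refresh_token, s.refresh_issued = new_refresh, now
            s.access_issued = s.refresh_last_used = now
            return s.access_token
        access, refresh_tok = self.issue()          # client ID + shared secret grant
        self.tokens = TokenSet(access, refresh_tok, now, now, now)
        return access
```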
What to do next
In the resource application, configure the Client ID and the generated shared secret. See the application documentation.