VMware Cloud Partner Navigator uses OAuth 2.0 so that you can grant your applications secure, delegated access to the resources of your customers' organizations. VMware Cloud Partner Navigator supports OAuth 2.0 server-to-server apps, which authorize actions through an access token issued directly to your application rather than to a signed-in user.

What is OAuth 2.0?

OAuth 2.0 is an authorization framework that lets you grant an application limited access to protected resources without handing it a user's password. The client is authorized through an access token. The token carries a scope that defines which resources the application may access, and it expires after a configured lifetime. For the specification, see https://tools.ietf.org/html/rfc6749#page-8, or read the blog post OAuth 2.0 Simplified at https://aaronparecki.com/oauth-2-simplified/.

How does OAuth work with VMware Cloud Partner Navigator?

VMware Cloud Partner Navigator supports the OAuth 2.0 client credentials grant type (RFC 6749, section 4.4), which grants your applications access to the resources of your organization without a user having to sign in or approve the request. To supply credentials for your applications, you create a server-to-server OAuth 2.0 app in VMware Cloud Partner Navigator and define the scope of its access token. Your applications then present the supplied OAuth credentials (the client ID and client secret) to retrieve an access token, and present that token to gain access to the resources defined in the scope. The scope is defined in terms of organization roles, as described in Reseller roles and permissions.

Who creates OAuth apps?

Only a Reseller Administrator user can create and manage OAuth apps in a reseller organization.

How do I set up an OAuth server-to-server app?

The process of setting up an OAuth app has two steps. First, you create the OAuth app in one of your organizations and define the scope of its access token. Then, to enable the app's access to the organization's resources, you add the app to the same organization in which it was created. You cannot add an OAuth app that was created in a different organization.

To create an OAuth app:

  1. On the VMware Cloud Partner Navigator toolbar, click Organization > OAuth Apps.

  2. Click Create App > Continue.

  3. Complete the OAuth app details and define its scope.

    1. Enter a name and description for the app.

    2. Set the time to live of the OAuth app's access token.

    3. To define the scope of the OAuth app's access token, select organization roles.

    4. Click Create.

  4. Copy the received credentials or download them as a JSON file, and click Continue. Store the client secret in a secret store rather than in source code or a shared document: anyone who obtains it can act in your organization with the roles you assigned to the app.

At this point the OAuth app has been created in your VMware Cloud Partner Navigator organization but not yet granted access to its resources. To grant it access, you must add the app to your organization.

To add an OAuth app to an organization:

  1. On the VMware Cloud Partner Navigator toolbar, click Identity & Access Management > OAuth Apps.

  2. Click Add App.

  3. Select your organization, then browse and select an OAuth app.

    The page lists the organization and service roles that will be assigned to the OAuth app instance.

  4. Review the OAuth app details and click Add.

The OAuth app is added to your VMware Cloud Partner Navigator organization and granted access to its resources.

To authorize the actions of your applications, exchange the provided OAuth credentials for an access token and send that token in the Authorization header of your script's API calls. The token expires after the time to live you set when creating the app, so a long-running script must fetch a new one when the current token expires.
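The following script shows the client credentials exchange described above and the use of the resulting token in an API call. It is an added example, not VMware's code: the token endpoint, the API URL, and the fake token response are assumptions for illustration, and the field names of the downloaded credentials JSON are not documented here, so the client ID and secret are passed in as plain parameters. The transport is injectable so the flow runs offline.

```python
"""Client-credentials token retrieval and use (RFC 6749 section 4.4).

Added example; not VMware's code. The endpoint URLs are assumptions.
"""
import base64
import json
import time
import urllib.parse
import urllib.request

# Assumed endpoints: substitute the real token and API URLs for your deployment.
TOKEN_URL = "https://example.invalid/oauth/token"
API_URL = "https://example.invalid/api/orgs"


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Build the HTTP Basic header RFC 6749 section 2.3.1 prescribes for client
    credentials: both values are form-URL-encoded, joined with ':', then base64'd."""
    pair = "%s:%s" % (urllib.parse.quote(client_id, safe=""),
                      urllib.parse.quote(client_secret, safe=""))
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def build_token_request(token_url: str, client_id: str, client_secret: str) -> urllib.request.Request:
    """POST grant_type=client_credentials; the secret travels only in the
    Authorization header, never in the URL where proxies and logs would record it."""
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode("ascii")
    headers = {
        "Authorization": basic_auth_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    return urllib.request.Request(token_url, data=body, headers=headers, method="POST")


def parse_token_response(raw: str) -> tuple:
    """Validate a token response (RFC 6749 section 5.1); return (token, lifetime_seconds)."""
    resp = json.loads(raw)
    if "error" in resp:  # section 5.2 error object, e.g. invalid_client
        raise PermissionError("token endpoint refused: %s" % resp["error"])
    if resp.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type %r" % resp.get("token_type"))
    return resp["access_token"], int(resp.get("expires_in", 0))


def http_send(req: urllib.request.Request) -> str:
    """Default transport: perform the request and return the body as text."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


class TokenCache:
    """Fetches an access token lazily and renews it shortly before the TTL
    configured on the OAuth app runs out, so a token is never reused past its life."""

    REFRESH_MARGIN = 30  # seconds before expiry at which we proactively renew

    def __init__(self, client_id, client_secret, token_url=TOKEN_URL,
                 transport=http_send, clock=time.time):
        self._client_id = client_id
        self._client_secret = client_secret
        self._token_url = token_url
        self._transport = transport  # injectable so the flow can be exercised offline
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def access_token(self) -> str:
        if self._token is None or self._clock() >= self._expires_at - self.REFRESH_MARGIN:
            req = build_token_request(self._token_url, self._client_id, self._client_secret)
            self._token, ttl = parse_token_response(self._transport(req))
            self._expires_at = self._clock() + ttl
        return self._token


def authorized_request(url: str, token: str) -> urllib.request.Request:
    """Attach the access token as an RFC 6750 Bearer credential to an API call."""
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + token,
                                                "Accept": "application/json"})


if __name__ == "__main__":
    # Offline demonstration with a constructed token response instead of a live endpoint.
    def fake_send(req):
        return json.dumps({"access_token": "tok-demo", "token_type": "Bearer", "expires_in": 1800})

    cache = TokenCache("my-client-id", "my-client-secret", transport=fake_send)
    call = authorized_request(API_URL, cache.access_token())
    print(call.get_header("Authorization"))
```

The cache renews the token 30 seconds before the advertised expiry, which matters when the time to live set on the app is short: a request that starts with a token about to expire would otherwise fail with 401 mid-run. Replace `fake_send` with the default `http_send` to talk to a real endpoint.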

How do I manage OAuth apps?

Refer to the following list of OAuth app management tasks and the steps for each.

View the OAuth apps that have access to your organization:

Click Identity & Access Management > OAuth Apps.

Add an OAuth app created in the same organization:

  1. Click Identity & Access Management > OAuth Apps.

  2. Click Add OAuth App.

  3. Select your organization.

  4. From the OAuth App drop-down menu, select the app you want to grant access to this organization.

  5. Review the App Details and click Add.

Restrict an added OAuth app from accessing the resources of your organization:

  1. Click Identity & Access Management > OAuth Apps.

  2. From the list of OAuth apps, select the app you want to prevent from accessing the resources of your organization.

  3. Click Remove.

View the apps created in your organization:

Click Organization > OAuth Apps. All apps created in your organization are listed here.

Manage the existing OAuth apps created in your organization:

Click Organization > OAuth Apps and select the app you want to manage:

  • To modify the OAuth app, click Edit.

    Note:

    If you change the scope of an app, the change is not synchronized to instances of the app that are already added to any of your organizations; those instances keep the roles they were added with. To update the scope of previously added app instances, first remove them under Identity & Access Management > OAuth Apps, and then add them again.

  • To remove an app, click Delete.

    Note:

    This action cannot be reverted. The client credentials are invalidated, and any application that uses them can no longer access protected resources.