Run the OAuth 2.0 Test Client

The test client is used to verify installation changes and to access OAuth 2.0-secured API endpoints of platforms. This section describes how it works and how it can be configured.
Run the Client
Have you set the callback URL for the test client? See Post-Installation Tasks.
Note the following security precautions when using the test client:
    • Do not install the test client on production systems.
    • Do not install the test client on a Gateway that is available on the Internet.
    • Modify the test client to use your own specific client credentials.
    • Remove the test client from the OAuth Manager when it is no longer needed.
To run the OAuth 2.0 test client:
  1. Navigate to the following URL in a browser:
    https://<Gateway_host>:8443/<InstanceModifier>/oauth/v2/client
    The OAuth Client Test Application screen is displayed. 
  2. Navigate between the other OAuth 2.0 Test Clients:
    • Authorization Code
    • Implicit
    • Resource Owner Password Credentials 
    • Client Credentials
    • SAML Bearer
Each OAuth 2.0 Test Client tests its own grant type. If you are only using a subset of the available OAuth grant types, you can ignore the other test clients.
Each client app maintains its own token. Each time you initiate a new OAuth session, the current access token is overwritten.
The access token in memory is used to call the test API. In the case of SAML, a SAML token is also maintained in memory and overwritten each time you initiate a new one.
[Figure: Running the test client]
Get an Access Token
To get an access token before calling an API:
  1. Click the OAuth V2 Clients on the top bar.
  2. Click any of the test clients identified by grant type on the black bar.
  3. Click Initiate.
    The OAuth 2.0 Authorization Server login page is displayed. (The Resource Owner Password Credentials client requires you to enter your credentials before clicking Initiate.)
  4. Enter your credentials.
    Logging in with social login credentials is only available for clients when CA Mobile API Gateway is installed.
    The authorization page appears, displaying the requested scope. You are asked to Grant or Deny the request.
  5. Click Grant.
    You are redirected back to the client application with an access token and a refresh token.
Note that this information is for testing purposes only and should never be displayed in a user-agent. 
Use the Access Token to Call an API
To use the access token to call an API on the CA API Gateway:
  1. Click Call API. The client app uses the access token currently residing in memory as a credential to call the target API.
  2. View the response for this call below the Target field.
Refresh a Token
Certain grant types support refresh tokens. This is indicated by the presence of a Refresh button.
To refresh an existing OAuth access token, click the Refresh button.
The current access token information changes and a note indicates the access token was refreshed.
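As an added example (not the product's own test client code), the following Python sketch mirrors the sequence described above: Initiate builds the authorization request and discards the previous token, the code on the callback URL is exchanged for an access token and refresh token held only in memory, Call API sends that token as a bearer credential, and Refresh replaces it in place. The authorize and token URLs, the client credentials, the redirect URI and the pluggable transport are assumptions.

```python
# Added example, not the product's test client: a minimal in-memory
# authorization-code client; URLs, client credentials and the transport are assumed.
import json
import secrets
import urllib.parse
import urllib.request

def http_post_form(url, fields):
    """Default transport: POST application/x-www-form-urlencoded, return the JSON body."""
    with urllib.request.urlopen(url, data=urllib.parse.urlencode(fields).encode()) as r:
        return json.load(r)

class OAuthTestClient:
    """Holds exactly one access token in memory; Initiate overwrites it."""
    def __init__(self, authorize_url, token_url, client_id, client_secret,
                 redirect_uri, transport=http_post_form):
        self.authorize_url, self.token_url = authorize_url, token_url
        self.client_id, self.client_secret = client_id, client_secret
        self.redirect_uri, self.transport = redirect_uri, transport
        self.state = None   # binds the callback to the session that initiated it
        self.token = None   # last token-endpoint response, or None

    def initiate(self, scope):
        """Build the authorization URL; a fresh state also voids the old session."""
        self.token = None
        self.state = secrets.token_urlsafe(16)
        q = {"response_type": "code", "client_id": self.client_id, "scope": scope,
             "redirect_uri": self.redirect_uri, "state": self.state}
        return f"{self.authorize_url}?{urllib.parse.urlencode(q)}"

    def handle_callback(self, callback_url):
        """Check state, then exchange the code on the callback URL for tokens."""
        params = urllib.parse.parse_qs(urllib.parse.urlparse(callback_url).query)
        if params.get("state", [None])[0] != self.state:
            raise ValueError("state mismatch: callback is not from this session")
        self.token = self.transport(self.token_url, {
            "grant_type": "authorization_code", "code": params["code"][0],
            "redirect_uri": self.redirect_uri, "client_id": self.client_id,
            "client_secret": self.client_secret})
        return self.token

    def auth_header(self):
        """Header used for 'Call API'; the token goes to the API, never to a user-agent."""
        return {"Authorization": f"Bearer {self.token['access_token']}"}

    def refresh(self):
        """Replace the in-memory token using its refresh token (only if one exists)."""
        self.token = self.transport(self.token_url, {
            "grant_type": "refresh_token", "refresh_token": self.token["refresh_token"],
            "client_id": self.client_id, "client_secret": self.client_secret})
        return self.token
```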
Clear the Current Session
Click the Clear Session button on the OAuth client page. This starts a new test and clears all the parameters in the clients.