Configuring the Authorization Server
Once the Authorization Server and the Authorization Server Admin API is set up, the next step involves configuring the Authorization Server to function correctly with the other partners of the FPX ecosystem. The applications allowed in the network, as well as the resources they are allowed to request and share, are controlled by the network administrators. The primary tool for configuring and governing the network is the Authorization Server's Admin API.
Partners need to be established as trusted entities in the network through the Admin API. Some partners, such as Resource Servers and Clients, have extra steps to configure what resources and scopes they are allowed to request/provide.
For more information on the different Partners within the FPX ecosystem, refer to Who are FPX Partners?
Before you begin, obtain and make note of the following parameters:
AS_URI. Go to Deploy AS section and look for
AS_ADMIN_URI. Go to Deploy AS section and look for
/json-apito the value found there
AS_ADMIN_STATIC_TOKEN. Go to Deploy AS section and look for
WALLET_SERVER_URI. Go to Deploy Wallet section and look for
API_VERSION. Deploy AS section and look for
To make requests to the Authorization Server Admin API:
- The Authorization Server database must be accessible.
- The Authorization Server server should have been run at least once to initialize the database.
- The Authorization Server Admin API server must be accessible at some
- The server should have access to the application database.
- The administrator must have an appropriate authorization token.
- The request must include the desired API version in a
ApiVersionheader. The default is
- The request should include an
- The request should include a
Content-Typeheader with a value of
The Authorization Server Admin API includes localization support, and it is recommended to configure a new deployment with localization support from the beginning unless you know that you won't need it. For that reason, this guide includes the
Accept-Language header in all API requests where it is appropriate to include it. The language value set in that header is English, so be sure to change that in the sample API requests if you know you want to configure a different language to begin with.
The localization feature is covered in more detail here.
Disabling/Re-enabling an entity via API
The Authorization Server Admin API allows disabling and re-enabling of specific functionalities, for example, disabling a resource that a resource server no longer provides.
The Disable API functionality puts the disabled entity in a hibernate state, where it remains until access is granted again, or in other words, the entity is re-enabled.
The disabledOn attribute is the date and time value at which the related entity was, or will be, disabled. By default, the value of the disabledOn attribute is set to
In order to disable an entity, an admin must use the admin api to update the default value in the disabledOn field by adding date and time in the following format "yyyy-MM-dd'T'HH:mm:ss'Z".
To re-enable an entity, the admin must reset the disabledOn value to
An Admin can disable the following components using the Admin API:
The AS Admin API makes use of a framework called Elide, and specifically its implementation of the JSON-API specification. The format of the API calls shown in this guide are representative of this specification. While it can be verbose, it is also provides for many useful features. For further information, see the following links:
This section of the guide will cover the following topics: