Administration Guide

OAuth Service

FortiAuthenticator can act as an authorization server to issue and manage OAuth access tokens via a set of REST API endpoints. An OAuth client is issued an OAuth access token by FortiAuthenticator after successfully providing its login credentials. The OAuth client can then use this access token as proof of authorization to access a third-party service. The third-party service may contact FortiAuthenticator to validate any given OAuth access token.

To enable OAuth service access, enable the Auth Service API (/api/v1/oauth) service on applicable network interface(s) under System > Network > Interfaces.

Settings

To configure the OAuth Service settings, go to Authentication > OAuth Service > Settings.

OAuth Service Settings
Auto-generated client secret length: Determines the length of the generated client secret for confidential OAuth applications. The default is set to 128.

Select OK to apply the changes you have made.

Applications

OAuth applications can be managed from Authentication > OAuth Service > Applications.

The OAuth service has a preconfigured FortiOS Fabric OAuth application used for Fortinet Security Fabric integration. The FortiOS Fabric application settings should not be changed.

To configure an OAuth application:
  1. From the OAuth application list, select Create New to add a new OAuth application.
  2. The Create New Application window opens.
  3. Enter the following information:
    Name: Enter a name for the OAuth application.
    Client type: Select the client type for the OAuth application:
      • Confidential: OAuth clients are required to provide the client secret in requests to the OAuth application.
      • Public: OAuth clients are not required to provide the client secret in requests to the OAuth application.
    Client id: Enter a client id for the OAuth application. A generated value is provided by default.
    Client secret: Enter a client secret for the OAuth application. A generated value is provided by default. Only available if Client type is set to Confidential. Configure the length of the automatically generated value under Authentication > OAuth Service > Settings.
    Access token expiry: Enter a length of time for which OAuth access tokens issued by this application are valid. The default is set to 36000. Access tokens will not expire if the value is set to 0.
  4. Select OK to create the new OAuth application.
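
The effect of the Client type and Access token expiry settings, as an added example that is not FortiAuthenticator code or its REST API: a small in-memory Python model of token issuance and validation, plus an audit of an application inventory. The class and function names, the sample data, the username/password credential check, and treating the expiry value as seconds are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass

@dataclass
class OAuthApp:  # fields from the Create New Application window
    name: str
    client_type: str  # "confidential" or "public"
    client_id: str
    client_secret: str = ""
    access_token_expiry: int = 36000  # page default; 0 = tokens never expire

class AuthServerModel:
    """Hypothetical in-memory model of an authorization server."""
    def __init__(self, apps, users):
        self.apps = {a.client_id: a for a in apps}
        self.users = users   # username -> password (constructed)
        self.tokens = {}     # token -> expiry time, or None for "never"

    def issue(self, client_id, username, password, now, client_secret=None):
        app, stored = self.apps.get(client_id), self.users.get(username)
        if app is None or stored is None or not hmac.compare_digest(stored, password):
            return None
        # Confidential clients must present the secret; an empty secret never matches.
        if app.client_type == "confidential" and not (
                app.client_secret and hmac.compare_digest(app.client_secret, client_secret or "")):
            return None
        token = secrets.token_urlsafe(32)
        ttl = app.access_token_expiry
        self.tokens[token] = None if ttl == 0 else now + ttl
        return token

    def validate(self, token, now):
        """The check a third-party service asks for: is this token still valid?"""
        if token not in self.tokens:
            return False
        return self.tokens[token] is None or now < self.tokens[token]

def audit(apps):
    """Flag settings a reviewer would want justified."""
    findings = []
    for a in apps:
        if a.access_token_expiry == 0:
            findings.append((a.name, "tokens never expire"))
        if a.client_type == "public":
            findings.append((a.name, "no client secret required"))
    return findings

# Constructed sample inventory, not real FortiAuthenticator data.
APPS = [OAuthApp("portal", "confidential", "portal-id", "s3cret-constructed"),
        OAuthApp("kiosk", "public", "kiosk-id", access_token_expiry=0)]
USERS = {"alice": "constructed-password"}
```

In the model, a token from the "kiosk" application stays valid at any later time, which is why an expiry of 0 is worth flagging during review.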
