
Securing MarkLogic Server

The OAuth Server Fields

[v11.2.0] The OAuth Server fields appear when either Authentication or Authorization is oauth.

Field

Description

OAuth Flow Type

The type of flow that the OAuth server will support:

  • Resource server

  • Authorization code [Deprecated as of MarkLogic Server 11.2.0]

  • Client credentials [Deprecated as of MarkLogic Server 11.2.0]

OAuth Vendor

The third-party authorization vendor that will be used with the OAuth server.

OAuth Server URI

[Deprecated as of MarkLogic Server 11.2.0]

(Optional) Providing a server URL may help users with auto-population of form parameters. URI must support TLS (HTTPS).

OAuth Authorization Server URI

[Deprecated as of MarkLogic Server 11.2.0]

(OAuth Token Type = Internally managed reference tokens) OAuth introspection endpoint.

OAuth Token Server URI

[Deprecated as of MarkLogic Server 11.2.0]

(Optional) Token Endpoint used to obtain access tokens. URI must support TLS (HTTPS).

OAuth Introspection Server URI

[Deprecated as of MarkLogic Server 11.2.0]

(OAuth Token Type = Internally managed reference tokens) OAuth introspection endpoint. TLS (HTTPS) required.

OAuth Scope

[Deprecated as of MarkLogic Server 11.2.0]

(OAuth Flow Type = Client credentials) Scopes to be requested in client flows.

OAuth Client Authentication Method

[Deprecated as of MarkLogic Server 11.2.0]

(OAuth Flow Type = Client credentials) Method for authenticating the client when requesting access tokens.

OAuth Client ID

Client ID of the OAuth server on the vendor.

OAuth Client Secret

[Deprecated as of MarkLogic Server 11.2.0]

(OAuth Flow Type = Client credentials and OAuth Client Authentication Method = Client secret) The client secret you use to authenticate with the OAuth vendor.

OAuth Redirect URI

[Deprecated as of MarkLogic Server 11.2.0]

(OAuth Flow Type = Authorization code) URI where user is redirected after authentication. URI must support TLS (HTTPS) or be a loopback URI.

OAuth JWT Issuer URI

[v11.2.0 and up]

(OAuth Vendor = Microsoft Entra or Amazon Cognito) MarkLogic Server verifies that this URI matches the URI provided in the JWT.

OAuth Token Type

The access token format.

OAuth Username Attribute

(Required) The claim name to store the username information extracted from the access token.

OAuth Role Attribute

(Required) The claim name to store the role information extracted from the access token.

OAuth Privilege Attribute

(Optional) The claim name to store the privilege information extracted from the access token.

OAuth JWT Algorithm

[v11.2.0 and up]

(OAuth Token Type = JSON Web Tokens) Signature algorithm for JWT access tokens:

  • HS256 (Symmetric)

  • RS256 (Asymmetric)

OAuth JWT Secrets

[v11.2.0 and up]

The list of secrets MarkLogic Server should use to verify JWT access tokens, also known as validating the JWT access token signature.

  • If OAuth JWT Algorithm is a symmetric one,

    • [v11.2.0] Use Hex-encoded JWT Secrets.

    • [v11.3.0 and up] Use either Hex- or Base64URL-encoded JWT Secrets.

  • If OAuth JWT Algorithm is an asymmetric one, use PEM-encoded JWT Secrets.

OAuth JWKS URI

[v11.2.0 and up]

(Optional) JSON Web Key Sets Endpoint for obtaining JSON Web Keys. URI must support TLS (HTTPS) or be a loopback URI.
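The following added example (not MarkLogic Server code) sketches how a resource server can apply the OAuth JWT Algorithm, OAuth JWT Secrets, OAuth JWT Issuer URI, OAuth Username Attribute and OAuth Role Attribute settings to an HS256 token. The claim names `username` and `roles`, the issuer URL and the secret are constructed sample values; comparing the issuer against the `iss` claim and rejecting expired tokens via `exp` are assumptions taken from standard JWT handling, not from this page.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def decode_secret(secret, encoding):
    # The encoding is stated explicitly: a hex string is also valid Base64URL
    # text, so guessing the encoding could silently yield the wrong key bytes.
    if encoding == "hex":
        return bytes.fromhex(secret)
    if encoding == "base64url":
        return b64url_decode(secret)
    raise ValueError("unsupported secret encoding")

def sign_hs256(claims, key):
    # Builds a constructed sample token; stands in for the OAuth vendor.
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"

def verify_hs256(token, keys, issuer, username_attr, role_attr, now=None):
    head, body, sig = token.split(".")
    # Pin the algorithm to the configured one; the token header must not choose it.
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signed = f"{head}.{body}".encode()
    # The secrets field is a list, so try each key; compare in constant time.
    if not any(hmac.compare_digest(hmac.new(k, signed, hashlib.sha256).digest(),
                                   b64url_decode(sig)) for k in keys):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))  # trusted only after the MAC check
    if claims.get("iss") != issuer:
        raise ValueError("issuer mismatch")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims[username_attr], claims[role_attr]

# Constructed sample configuration and token (not real values).
SECRET_HEX = "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
ISSUER = "https://idp.example.com/tenant"
KEY = decode_secret(SECRET_HEX, "hex")
TOKEN = sign_hs256({"iss": ISSUER, "exp": 4102444800, "username": "alice",
                    "roles": ["reader"]}, KEY)
```

The same key supplied Base64URL-encoded decodes to identical bytes, so a token verifies under either encoding as long as the declared encoding matches the stored string.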