OESECTOOL is a tool for testing and exploring how to configure OAuth2.

Install OESECTOOL

You must have a development license for PAS for OpenEdge. OESECTOOL is not available with a Production license.
  1. Locate the utility archive:

    Linux

    $DLC/servers/pasoe/extras/oesectool-version.zip

    Windows

    %DLC%/servers/pasoe/extras/oesectool-version.zip
  2. Unzip the file to a working directory, for example:
    C:\OpenEdge\WRK\oesectool

    oesectool includes:

    • A lightweight OAuth2/JWT server
    • Support scripts
    • A configuration file for OAuth2 and JWK metadata

Configure OAuth2 properties

Set properties to configure OAuth2.
  1. Edit oesectool\conf\oesectool-oauth2.properties.
    1. Search and replace localhost with your-hostname. localhost value for oesectool.host with your machine or IP address:
      servername=your-hostname
general.server.name="your-hostname"

      This value must match the hostname you use when you:

      • Retrieve the JWT
      • Access the JWK endpoint
      • Configure PASOE properties
    2. Make these optional, recommended property value updates:
      Setting Purpose
      jwt.issuer Sets the token issuer claim
      jwt.ttl.seconds Token lifetime
      jwk.keysize Size of RSA/EC key generated JWK
      oauth2.userlist List of permitted demo users
      Note: The default settings work, but the hostname must be correct.
    3. Add any additional users to the #users. For guidance on adding users, see the oesectool-oauth2.properites.README.
    4. Save and close the file.

Start OESECTOOL

  1. From the osectool directory, start the oesectool OAuth2 server.

    Linux

    ./oesectool.sh startoauth2server -ports 9999

    Windows

    oesectool.bat startoauth2server -ports 9999
    This starts a small HTTPS OAuth2/JWT server on port 9999.

    Endpoints now available:

    • Generate a JWT

      https://hostname:9999/jwt/<username>

    • JWK endpoint for PASOE

      https://hostname:9999/keys

Generate tokens

  1. Generate a JWT token. Use curl to request a JWT:
    curl -k https://your-hostname:9999/jwt/user1
    The returned token will later authenticate to PASOE.

For more information on the OESECTOOL utility, see OESECTOOL.