Configuring basic settings for a native OAuth provider
You can update the identification details and basic configuration settings for a native OAuth provider.
About this task
One of the following roles is required to configure the basic settings for a native OAuth provider:
- Topology Administrator
- Custom role with the Settings:Manage permissions
You can select the basic settings pages for a native OAuth provider immediately on completion of the creation operation detailed in Configuring a native OAuth provider, or you can update the basic settings for an existing native OAuth provider. If you want to update the basic settings for an existing native OAuth provider, complete the following steps before following the procedure described in this topic:
- Click .
- Select the required native OAuth provider.
- To modify the identification details, click Info in the sidebar menu, then update the following fields as required:

| Field | Description |
| --- | --- |
| Title | Enter a title for the native OAuth provider. |
| Name | This field is auto-populated by the system. |
| Description (optional) | Enter a brief description. |
| Base path (optional) | The base path is the URL segment of the API that is shared by all operations in the API. It does not include the host name or any additional segments for paths or operations. The base path must be unique for a given catalog. The base path cannot include special characters and must begin with a "/" character even if it is otherwise empty. |
- To modify the basic configuration settings, click Configuration in the sidebar menu, then update the following fields as required:

| Field | Description |
| --- | --- |
| Authorize Path | /oauth2/authorize/ is the standard OAuth endpoint to log in to the account. |
| Token Path | /oauth2/token/ is the standard OAuth endpoint to exchange the code for an access token. |

Supported grant types
Note: If you plan to configure OpenID Connect (OIDC) for a native OAuth provider, you must include at least one of the following grant types: Implicit, Access code.
- Implicit - An access token is returned immediately without an extra authorization code exchange step.
- Application - Application to application. Corresponds to the OAuth grant type "Client Credentials." Does not require User Security.
- Access code - An authorization code is extracted from a URL and exchanged for an access token. Corresponds to the OAuth grant type "Authorization Code."
- Resource owner - Password - The user's username and password are exchanged directly for an access token, so it can only be used by first-party clients.
- Resource owner - JWT - A verified signed JSON Web Token is exchanged directly for an access token.
Tip: Selecting only the Resource owner - JWT grant type when defining a native OAuth provider in the user interface is not supported and results in an invalid configuration. To avoid this problem, additionally select either the Access code or the Resource owner - Password grant type.
Supported client types
- Confidential - Client can maintain secure credentials on a secure server.
- Public - Client credentials are not secure.
Note: If the gateway type is DataPower® Gateway (v5 compatible) and, when the native OAuth provider was created, only the Application grant type was selected, you cannot add further grant types until you configure the user security settings. In particular, you must specify the user registry for authenticating application users. To configure the user security settings, complete the following steps:
- Click User Security in the sidebar menu, then click Edit.
- Update the user security settings as required; for more details, see Configuring user security for a native OAuth provider.
- Click Save when done.
- Click Save when done.
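
The grant type and base path rules in this topic can be checked before a provider is saved. The following Python check is an added example, not IBM's code or the product's API; the settings dictionary, its key names (`base_path`, `oidc`, `grants`, `user_registry`), the sample values, and the reading of "special characters" are assumptions.

```python
import re

# Grant type labels as they appear on the Configuration page.
GRANTS = {"Implicit", "Application", "Access code",
          "Resource owner - Password", "Resource owner - JWT"}
# Assumption: "no special characters" is read as letters, digits, '-', '_', '.' and '/'.
BASE_PATH_RE = re.compile(r"^/[A-Za-z0-9/_.-]*$")


def lint_provider(cfg):
    """Return a list of findings for a hypothetical provider settings dict."""
    findings = []
    grants = set(cfg.get("grants", []))
    unknown = grants - GRANTS
    if unknown:
        findings.append("unknown grant type(s): " + ", ".join(sorted(unknown)))
    # Base path is optional, but when set it must begin with "/".
    base_path = cfg.get("base_path")
    if base_path is not None and not BASE_PATH_RE.match(base_path):
        findings.append("base path must begin with '/' and contain no special characters")
    # OIDC needs at least one of Implicit or Access code.
    if cfg.get("oidc") and not grants & {"Implicit", "Access code"}:
        findings.append("OIDC requires the Implicit or Access code grant type")
    # Resource owner - JWT selected on its own is an invalid configuration.
    if grants == {"Resource owner - JWT"}:
        findings.append("Resource owner - JWT alone is invalid; "
                        "add Access code or Resource owner - Password")
    # Application is the only grant listed as not requiring User Security.
    if grants - {"Application"} and not cfg.get("user_registry"):
        findings.append("grant types beyond Application need a user registry")
    return findings


# Constructed sample settings, not taken from a real deployment.
SAMPLE_BAD = {"base_path": "oauth", "oidc": True,
              "grants": ["Resource owner - JWT"], "user_registry": None}
SAMPLE_OK = {"base_path": "/", "oidc": True,
             "grants": ["Access code", "Resource owner - JWT"],
             "user_registry": "sample-registry"}

if __name__ == "__main__":
    for name, cfg in (("bad", SAMPLE_BAD), ("ok", SAMPLE_OK)):
        print(name, lint_provider(cfg) or "no findings")
```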