OAuth
An OAuth policy performs the requested OAuth processing based on the defined OAuth provider settings.
Gateway support
Gateway | Policy version |
---|---|
DataPower® API Gateway | 2.0.0 |
This topic describes how to configure the policy in the assembly user interface; for details on how to configure the policy in your OpenAPI source, see oauth.
About
By adding an assembly OAuth policy, you specify the OAuth provider settings to use to perform the requested OAuth processing and the supported OAuth processing components.
- Editing the native OAuth provider configuration using the API Editor (Cloud Manager UI)
- Editing the native OAuth provider configuration using the API Editor (API Manager UI)
- URL reference
- Literal configuration
- Object reference
- URL reference takes precedence over any existing literal configuration or object reference.
- Literal configuration takes precedence over any existing object reference.
- Validate request: Validates the authorization request from the client.
- Generate authorization code: Generates the authorization code for the client, which represents the resource owner's authorization that grants access to the requested resource.
- Verify authorization code: Verifies the authorization code from the client.
- Verify refresh token: Verifies the refresh token that is presented by the client.
- Generate access token: Generates the access token for the client when the authorization code or refresh token is verified.
- Introspect token: Introspects the token to determine its state and, when active, its metadata.
When the policy does not support a processing component but that processing is requested, the unsupported component is not run.
- OAuth policy that validates the request.
- GatewayScript policy.
- OAuth policy that generates authorization code.
Properties
The following table lists the policy properties, indicates whether a property is required, specifies the valid and default values for input, and specifies the data type of the values.
Property label | Required | Description | Data type |
---|---|---|---|
Title | No | The title of the policy. The default value is | string |
Description | No | A description of the policy. | string |
Default OAuth Provider Settings Object | Yes | The name of an existing OAuth provider that defines the required settings. | string |
Dynamic OAuth configuration from a URL | No | A URL to a document that contains serialized XML or JSON properties that define OAuth token generate settings. | string |
Dynamic OAuth configuration from a literal string | No | A literal string that contains serialized XML or JSON properties that define OAuth token generate settings. | string |
Supported OAuth components | No | Select the OAuth components that are supported by this policy. | string |
Overriding the default OAuth provider settings
You can use either the Dynamic OAuth configuration from a literal string property or the Dynamic OAuth configuration from a URL property to dynamically override any OAuth provider configuration settings defined by the Default OAuth Provider Settings Object property.
<OAuthProviderSettings><APICAccessTokenTTL>200</APICAccessTokenTTL></OAuthProviderSettings>
For a list of all OAuth provider settings, refer to the OAuthProviderSettings management schema, defined in the xml-mgmt.xsd file located in the store: directory on the DataPower API Gateway.
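A pre-deployment check for override documents such as the one shown above, as an added example that is not part of the product or its documentation: it applies the precedence stated earlier (URL reference, then literal configuration, then object reference) and lints a serialized XML override so that a dynamic document cannot change provider settings unnoticed. The allowlist, the TTL ceiling and the function names are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Assumptions for this example, not taken from the product documentation:
ALLOWED_OVERRIDES = {"APICAccessTokenTTL"}  # the only setting named on this page
MAX_ACCESS_TOKEN_TTL = 3600                 # assumed local ceiling for the TTL


def effective_source(url=None, literal=None, obj=None):
    """Apply the documented precedence: URL > literal > object reference."""
    if url:
        return "url"
    if literal:
        return "literal"
    return "object" if obj else None


def lint_override(xml_text):
    """Return findings for a serialized XML override document."""
    # Refuse DTDs outright so entity declarations are never processed.
    if "<!DOCTYPE" in xml_text.upper():
        return ["DOCTYPE declarations are not accepted in override documents"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "OAuthProviderSettings":
        return [f"unexpected root element: {root.tag}"]
    findings = []
    for child in root:
        value = (child.text or "").strip()
        if child.tag not in ALLOWED_OVERRIDES:
            findings.append(f"{child.tag}: override not on the allowlist")
        # Every allowlisted setting in this example is an integer TTL.
        elif not (value.isascii() and value.isdigit()):
            findings.append(f"{child.tag}: value is not a non-negative integer")
        elif int(value) > MAX_ACCESS_TOKEN_TTL:
            findings.append(f"{child.tag}: {value} exceeds {MAX_ACCESS_TOKEN_TTL}")
    return findings


if __name__ == "__main__":
    # Constructed inputs; the first is the override shown on this page.
    page = ("<OAuthProviderSettings><APICAccessTokenTTL>200"
            "</APICAccessTokenTTL></OAuthProviderSettings>")
    long_lived = page.replace("200", "31536000")
    print(effective_source(url=None, literal=page, obj="provider-object"))
    print(lint_override(page))
    print(lint_override(long_lived))
```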
If you are using the API Manager user interface, the connection details are determined by the API Manager URL that you open, and the user ID with which you log in. If you are using the API Designer user interface, you provide the management server details and user ID in the login window that opens when you first launch API Designer; see Logging into API Connect Designer.