Configuring a native OAuth provider
Native OAuth providers are configured and managed by you within your cloud.
About this task
A native OAuth provider object provides settings for OAuth processing operations such as generating and validating OAuth tokens. An OAuth provider object is referenced by an OAuth security definition to protect an API. When a native OAuth provider is used, the OAuth operations are performed natively by API Connect.
Every OAuth provider object has a backing API. Your configuration here automatically updates the OpenAPI document of the API. You can edit the OpenAPI document directly by navigating to the page, selecting your OAuth provider, then clicking API Editor.
- If you change the name of auto-generated assembly actions in the source code, the assembly will be prevented from updating dynamically when the OAuth provider settings are modified.
- You must ensure that the OAuth provider name matches the value specified in the `oauth-provider-settings-ref` field in each OAuth assembly action.
When a published API references an OAuth provider object, the backing API is automatically made available in the gateway.
The `client_id` checks in the token request are as follows:
- Check both body and query.
  - If found in only the body, validate and return a `200` or appropriate return code.
  - If found in only the query, return a `wrong location` error.
  - If found in both the body and the query, return a `more than one location` error.
- When not found in the body or the query, check the `Authorization` header.
  - If found in this header, validate and return a `200` or appropriate return code.
- If not found, return the appropriate error and code.
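
The check order above, modelled as an added example (not IBM's or API Connect's own code) that can serve as a reference when writing client tests against a token endpoint. It assumes the `Authorization` header carries HTTP Basic client credentials, and it returns outcome labels instead of HTTP status codes because the page does not list the codes; the function names and sample values are hypothetical.

```python
import base64
from urllib.parse import parse_qs

def client_id_from_basic(authorization):
    """Return the client_id from an HTTP Basic header, or None (assumed scheme)."""
    if not authorization:
        return None
    scheme, _, value = authorization.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(value.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    client_id, sep, _secret = decoded.partition(":")
    return client_id if sep and client_id else None

def locate_client_id(body, query, authorization=None):
    """Apply the documented order; body and query are form-encoded strings."""
    in_body = parse_qs(body).get("client_id", [])
    in_query = parse_qs(query).get("client_id", [])
    if in_body and in_query:
        return ("more than one location", None)
    if in_query:
        return ("wrong location", None)
    if in_body:
        return ("validate", in_body[0])
    # Only when body and query are both empty is the header consulted.
    header_id = client_id_from_basic(authorization)
    if header_id:
        return ("validate", header_id)
    return ("not found", None)

if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    basic = "Basic " + base64.b64encode(b"app-123:s3cret").decode()
    samples = [
        ("grant_type=client_credentials&client_id=app-123", "", None),
        ("grant_type=client_credentials", "client_id=app-123", None),
        ("client_id=app-123", "client_id=app-123", None),
        ("grant_type=client_credentials", "", basic),
        ("grant_type=client_credentials", "", None),
    ]
    for body, query, auth in samples:
        print(locate_client_id(body, query, auth))
```

A `client_id` sent in the query string is rejected even when the same request also carries a valid `Authorization` header, because the header is only consulted after the body and query checks find nothing.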
`client_id` is in the request body.
One of the following roles is required to configure a native OAuth provider:
- Administrator
- Owner
- Topology Administrator
- Custom role with the Settings:Manage permissions
- The OAuth provider logs analytics data for failure cases, but does not log successful cases. Activity log policies that call for logging of analytics data upon success do not apply for the OAuth provider.
- You must ensure the OAuth Provider is configured in the Sandbox Catalog before using the OAuth Provider in a non-Sandbox Catalog.
Procedure
OAuth provider configuration uses a series of screens. The first set of screens controls a basic OAuth provider configuration. Perform the following steps to configure a native OAuth Provider for your cloud: