You can update the identification details and basic configuration settings for a native
OAuth provider.
About this task
One of the following roles is required to configure the basic settings for a native OAuth
Provider:
- Organization Administrator
- Owner
- Custom role with the permissions
You can select the basic settings pages for a native OAuth provider immediately on completion of
the creation operation detailed in Configuring a native OAuth provider, or you can update the
basic settings for an existing native OAuth provider. If you want to update the basic settings for
an existing native OAuth provider, complete the following steps before following the procedure
described in this topic:
- Click .
- Select the required native OAuth provider.
Procedure
- To modify the identification details, click Info in the sidebar menu, then update the following fields as required:

| Field | Description |
| --- | --- |
| Title | Enter a title for the native OAuth provider. |
| Name | This field is auto-populated by the system. |
| Description (optional) | Enter a brief description. |
| Base path (optional) | The base path is the URL segment of the API that is shared by all operations in the API. It does not include the host name or any additional segments for paths or operations. The base path must be unique for a given catalog. The base path cannot include special characters and must begin with a "/" character even if it is otherwise empty. |
- To modify the basic configuration settings, click Configuration in
the sidebar menu, then update the following fields as required:
Field |
Description |
Authorize Path |
/oauth2/authorize/ is the standard OAuth endpoint for logging in to the account. |
Token Path |
/oauth2/token/ is the standard OAuth endpoint for exchanging the code for an access token. |
Supported grant types |
- Implicit - An access token is returned immediately without an extra
authorization code exchange step.
- Application - Application to application. Corresponds to the OAuth grant
type "Client Credentials." Does not require User Security.
- Access code - An authorization code is extracted from a URL and exchanged
for an access code. Corresponds to the OAuth grant type "Authorization Code."
- Resource owner - Password - The user's username and password are
exchanged directly for an access token, so it can only be used by first-party clients.
- Resource owner - JWT - A verified signed JSON Web
Token is exchanged directly for an access token.
Note: To use the Resource owner - JWT option, complete the following steps:
- In the Supported grant types field, select both Resource owner - Password and Resource owner - JWT.
- Edit the API definition and add a security scheme that specifies oauth2 as the security definition type and select Resource owner - Password as the flow type.
For instructions on defining an OAuth2 security scheme for an API, see Defining OAuth2 security scheme components (OpenAPI 3) or Defining OAuth2 security schemes (OpenAPI 2).
Tip: If you plan to configure OpenID Connect (OIDC) for a native OAuth provider, include
at least one of the following grant types: Implicit, Access code.
|
Supported client types |
- Confidential - Client can maintain secure credentials on a secure server.
- Public - Client credentials are not secure.
|
Note: If the gateway type is DataPower® Gateway (v5 compatible) and, when the
native OAuth provider was created, only the Application grant type was selected, you cannot add
further grant types until you configure the user security settings. In particular, you must specify
the user registry for authenticating application users. To configure the user security settings,
complete the following steps:
- Click User Security in the sidebar menu, then click Edit.
- Update the user security settings as required; for more details, see Configuring user security for a native OAuth provider.
- Click Save when done.
- Click Save when done.
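
The constraints this topic places on the basic settings can be collected into a check that runs before the settings are saved. The following is an added example, not IBM code and not the API Connect schema: the dictionary keys, the grant type identifiers, the allowed base path character set, and the extension of the user registry requirement beyond the v5 compatible gateway are all assumptions.

```python
import re

# Assumed identifiers for the grant types listed in this topic (not API Connect's own keys).
IMPLICIT, APPLICATION, ACCESS_CODE, PASSWORD, JWT = (
    "implicit", "application", "access_code", "password", "jwt")

# Assumption: "no special characters" means letters, digits, "-", "_" and "/" only.
BASE_PATH_RE = re.compile(r"/[A-Za-z0-9_\-/]*")


def check_provider(settings):
    """Return a list of findings for a native OAuth provider settings dict."""
    findings = []
    grants = set(settings.get("grant_types", []))
    clients = set(settings.get("client_types", []))

    # Base path is optional, but must start with "/" even when otherwise empty.
    if not BASE_PATH_RE.fullmatch(settings.get("base_path", "/")):
        findings.append("base_path must begin with '/' and contain no special characters")

    # Resource owner - JWT must be selected together with Resource owner - Password.
    if JWT in grants and PASSWORD not in grants:
        findings.append("jwt grant requires the password grant to be selected as well")

    # Tip in this topic: OIDC needs Implicit or Access code.
    if settings.get("oidc_enabled") and not grants & {IMPLICIT, ACCESS_CODE}:
        findings.append("OIDC requires the implicit or access_code grant")

    # Only Application skips User Security; every other grant authenticates a user.
    if grants - {APPLICATION} and not settings.get("user_registry"):
        findings.append("grants other than application need a user registry")

    # Public clients cannot protect credentials, so Application has nothing to verify.
    if APPLICATION in grants and clients == {"public"}:
        findings.append("application grant offered to public clients only")
    return findings


# Constructed sample settings, not exported from a real provider.
BAD = {"base_path": "oauth provider", "grant_types": [JWT, APPLICATION],
       "client_types": ["public"], "oidc_enabled": True, "user_registry": None}
GOOD = {"base_path": "/native-oauth", "grant_types": [ACCESS_CODE, PASSWORD, JWT],
        "client_types": ["confidential"], "oidc_enabled": True,
        "user_registry": "example-registry"}

if __name__ == "__main__":
    for finding in check_provider(BAD):
        print("FINDING:", finding)
```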