Configuring basic settings for a native OAuth provider

You can update the identification details and basic configuration settings for a native OAuth provider.

About this task

One of the following roles is required to configure the basic settings for a native OAuth provider:

  • Organization Administrator
  • Owner
  • Custom role with the Settings > Manage permissions

You can open the basic settings pages for a native OAuth provider immediately on completion of the creation operation detailed in Configuring a native OAuth provider, or you can update the basic settings for an existing native OAuth provider. If you want to update the basic settings for an existing native OAuth provider, complete the following steps before following the procedure described in this topic:

  1. Click Resources > OAuth Providers.
  2. Select the required native OAuth provider.

Procedure

  1. To modify the identification details, click Info in the sidebar menu, then update the following fields as required:
    Field - Description
    Title - Enter a title for the native OAuth provider.
    Name - This field is auto-populated by the system.
    Description (optional) - Enter a brief description.
    Base path (optional) - The base path is the URL segment of the API that is shared by all operations in the API. It does not include the host name or any additional segments for paths or operations. The base path must be unique for a given catalog. The base path cannot include special characters and must begin with a "/" character even if it is otherwise empty.
  2. To modify the basic configuration settings, click Configuration in the sidebar menu, then update the following fields as required:
    Field - Description
    Authorize Path - /oauth2/authorize/ is the standard OAuth endpoint to log in to the account.
    Token Path - /oauth2/token/ is the standard OAuth endpoint to exchange the code for an access token.
    Supported grant types
    • Implicit - An access token is returned immediately without an extra authorization code exchange step.
    • Application - Application to application. Corresponds to the OAuth grant type "Client Credentials." Does not require User Security.
    • Access code - An authorization code is extracted from a URL and exchanged for an access code. Corresponds to the OAuth grant type "Authorization Code."
    • Resource owner - Password - The user's username and password are exchanged directly for an access token, so can only be used by first-party clients.
    • (DataPower API Gateway only) Resource owner - JWT - A verified signed JSON Web Token is exchanged directly for an access token.
      Note: To use the Resource owner - JWT option, complete the following steps:
      1. In the Supported grant types field, select both Resource owner - Password and Resource owner - JWT.
      2. Edit the API definition and add a security scheme that specifies oauth2 as the security definition type and select Resource owner - Password as the flow type.

        For instructions on defining an OAuth2 security scheme for an API, see Defining OAuth2 security scheme components (OpenAPI 3) or Defining OAuth2 security schemes (OpenAPI 2).

    Tip: If you plan to configure OpenID Connect (OIDC) for a Native OAuth provider, include at least one of the following grant types: Implicit, Access code.
    Supported client types
    • Confidential - Client can maintain secure credentials on a secure server.
    • Public - Client credentials are not secure.
    (DataPower Gateway (Classic) only) Note: If the gateway type is DataPower® Gateway (v5 compatible) and, when the native OAuth provider was created, only the Application grant type was selected, you cannot add further grant types until you configure the user security settings. In particular, you must specify the user registry for authenticating application users. To configure the user security settings, complete the following steps:
    1. Click User Security in the sidebar menu, then click Edit.
    2. Update the user security settings as required; for more details, see Configuring user security for a native OAuth provider.
    3. Click Save when done.
  3. Click Save when done.
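
The constraints stated in this procedure (base path format and uniqueness, the grant types that Resource owner - JWT and OIDC depend on, and the user security prerequisite on the v5-compatible gateway) can be checked before the settings are saved. The following is an added example, not IBM code: the dictionary keys are hypothetical names for the fields on the Info and Configuration pages, and the allowed base path characters are an assumption, because the page does not list which characters count as special.

```python
import re

# Assumption: "no special characters" is read as letters, digits, "-", "_" and "/".
BASE_PATH_RE = re.compile(r"^/[A-Za-z0-9_\-/]*$")
PASSWORD, JWT = "Resource owner - Password", "Resource owner - JWT"
OIDC_GRANTS = {"Implicit", "Access code"}


def check_provider(settings, catalog_base_paths=()):
    """Return a list of problems found in a dict of planned provider settings.

    The dict keys are hypothetical names for the fields on the Info and
    Configuration pages; they are not an API Connect schema. Gateway type
    strings are the labels used on this page.
    """
    problems = []
    base_path = settings.get("base_path", "/")  # "/" is the empty base path
    grants = set(settings.get("grant_types", ()))

    if not BASE_PATH_RE.match(base_path):
        problems.append("base path must begin with '/' and contain no special characters")
    if base_path in catalog_base_paths:
        problems.append("base path is already used in this catalog")
    if JWT in grants:
        if settings.get("gateway_type") != "DataPower API Gateway":
            problems.append("Resource owner - JWT is available on DataPower API Gateway only")
        if PASSWORD not in grants:
            problems.append("Resource owner - JWT also needs Resource owner - Password selected")
    if settings.get("oidc") and not grants & OIDC_GRANTS:
        problems.append("OIDC needs at least one of: Implicit, Access code")
    if (settings.get("gateway_type") == "DataPower Gateway (v5 compatible)"
            and grants - {"Application"}
            and not settings.get("user_registry")):
        problems.append("configure User Security before adding grant types beyond Application")
    return problems


# Constructed sample: planned settings that break three of the rules above.
planned = {
    "base_path": "payments oauth",
    "gateway_type": "DataPower API Gateway",
    "grant_types": ["Resource owner - JWT"],
    "oidc": True,
}

if __name__ == "__main__":
    for problem in check_provider(planned, catalog_base_paths={"/oauth"}):
        print("-", problem)
```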