Configuring metadata for a native OAuth provider

Use Authentication URL or External URL parameters to request user-defined content from a remote server and include it in the access token or in the response payload that contains the access token.

About this task

Configure an Authentication URL or an External URL from which custom metadata is collected for inclusion in the token. The metadata is either stored inside the access token or it is sent along with the access token to the client application. For more information about how the metadata is collected, see OAuth external URL and authentication URL.

Following are examples of metadata that can be included with the access token:

  • Metadata about the authenticated resource owner
  • Grant type that was used to obtain the token
  • A confirmation code to be provided to the client application

One of the following roles is required to configure metadata collection for a native OAuth Provider:

  • Organization Administrator
  • Owner
  • Custom role with the Settings > Manage permissions

You can select the metadata settings page for a native OAuth provider immediately on completion of the creation operation detailed in Configuring a native OAuth provider, or you can update the metadata settings for an existing native OAuth provider. If you want to update the metadata settings for an existing native OAuth provider, complete the following steps before following the procedure described in this topic:

  1. Click Resources > OAuth Providers.
  2. Select the required native OAuth provider.

Procedure

  1. Click Metadata in the sidebar menu.
  2. Select Collect metadata to enable metadata collection.
  3. The Authentication URL user registry is selected by default and is required. For more information about the Authentication URL, see Authentication URL user registry.
  4. Select the External URL to collect metadata from an external URL. Enter the endpoint and an optional TLS Client Profile.
  5. (DataPower API Gateway only) If required, override the default Header name token value. The value of this header, if returned in the response from the OAuth endpoint, is placed in the response payload and indicated as metadata.
  6. (DataPower API Gateway only) If required, override the default Header name payload value. The value of this header, if returned in the response from the OAuth endpoint, is placed within the access token and indicated as miscinfo.
  7. Save the OAuth Provider.
  8. Click Save when done.
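
A minimal sketch of an external metadata endpoint that returns the two headers described in steps 5 and 6, validating each value before it leaves the service. This is an added example, not code from the product documentation. It assumes the gateway sends a GET and reads the response headers; the header names are assumed defaults, and MAX_LEN, the allowed-character set and the sample values are hypothetical.

```python
import re
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed header names (not stated on this page); set them to the
# names configured in steps 5 and 6.
HDR_PAYLOAD = "API-OAUTH-METADATA-FOR-PAYLOAD"    # placed in response payload as "metadata"
HDR_TOKEN = "API-OAUTH-METADATA-FOR-ACCESSTOKEN"  # placed in access token as "miscinfo"
MAX_LEN = 256                                     # hypothetical size budget per value
SAFE = re.compile(r"[A-Za-z0-9 _.:,=@/-]+")       # excludes CR/LF, quotes, control chars


def checked(value):
    """Return value if it is safe to emit as a header value, else raise."""
    if len(value) > MAX_LEN or not SAFE.fullmatch(value):
        raise ValueError("metadata value rejected")
    return value


def metadata_headers(for_payload, for_token):
    """Build both metadata headers. The payload value is returned to the
    client application in the clear, so it must never carry secrets."""
    return {HDR_PAYLOAD: checked(for_payload), HDR_TOKEN: checked(for_token)}


class MetadataHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        try:
            # Constructed sample values; a real service would derive them
            # from the authenticated resource owner.
            headers = metadata_headers("confirmation=ok",
                                       "grant=access_code,tier=gold")
        except ValueError:
            self.send_error(500)  # fail closed: send no metadata at all
            return
        self.send_response(200)
        for name, value in headers.items():
            self.send_header(name, value)
        self.send_header("Content-Length", "0")
        self.end_headers()


if __name__ == "__main__":
    # Loopback only for local testing; deploy behind TLS and pair it with
    # the TLS Client Profile selected in step 4.
    HTTPServer(("127.0.0.1", 8080), MetadataHandler).serve_forever()
```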

Results

You can use the OAuth Provider to secure the APIs in a catalog.