API Gateway 10.11 | Administering API Gateway | Security Configuration | OAuth, JWT, and OpenID Configuration | Configuring Communication Details for Microgateway
 
Configuring Communication Details for Microgateway
When you want Microgateway to use API Gateway as an OAuth2 authorization server, the communication channel between Microgateway and API Gateway has to be set up. The access token is then introspected in the Microgateway using remote introspection. To enable this you have to configure communication details, such as the introspection endpoint, client ID and client secret, in API Gateway, which are then used by Microgateway to introspect the tokens in API Gateway.
*To configure the communication details for Microgateway
1. Expand the menu options icon , in the title bar, and select Administration.
2. Select Security > Microgateway.
3. In the Introspection endpoint field, provide the URL of the introspection endpoint.
For example: http://localhost:5555/invoke/pub.oauth/introspectToken. The endpoint can have http or https depending on the protocol used and the hostname and port are the details of the host used.
Microgateway uses the introspection endpoint to check that access tokens used in client requests are currently active and are valid to invoke the protected resources.
4. In the Client ID field, provide an ID, which specifies the ID of the introspection client on the authorization server that Microgateway uses to introspect the access tokens.
Note:
Introspection client is any OAuth2 confidential client in API Gateway.
5. In the Client secret field, provide the Client secret, which specifies the password of the introspection client that Microgateway uses to introspect the access tokens.
6. In the JWKS URI field, provide the JSON Web Key Signature endpoint to retrieve the corresponding public certificates for performing local introspection.
Microgateway's cache has a key as kid claim and its value is the certificate corresponding to thekid claim. The cache is populated on every restart of Microgateway by invoking the JWKS URI. In the runtime, while validating the token using the local introspection, the kid value from the incoming JWT is fetched and the corresponding certificate is retrieved from the cache and the signature validation happens.
7. Click Save.
The information provided here is stored in the configuration properties file and provisioned as part of the asset provisioning during Microgateway startup.