OAuth, JWT, and OpenID Configuration
 
OAuth Authentication Use case and Workflow
JWT Authentication Use case and Workflow
OpenID Authentication Use case and Workflow
Configuring the Internal Authorization Server
Adding a Provider
Adding an External Authorization Server
Mapping OAuth or OpenID Scopes
Viewing Scope Mapping Details
Viewing Provider List and Provider Configuration
Modifying the Provider Configuration
Viewing Authorization Server List and Server Configuration
Modifying Authorization Server Configuration
Deleting an Authorization Server
Deleting a Provider
This section describes the Open Authorization (OAuth), JSON Web Token (JWT), and OpenID Connect (OpenID) authentication protocols that you can use to identify and authorize a client application. The application is first identified based on the criteria provided in the configured strategy. A strategy is a way to authenticate the incoming request; it provides multiple authentication mechanisms or multiple authorization servers for a single authentication scheme. API Gateway identifies the application and validates the submitted token through the strategy configured in the application.