| Field | Description |
|---|---|
| Name | Name of a third-party OAuth 2.0 provider, for example Amazon. You can also use one of the pre-configured third-party providers shipped with the API Gateway installation: PingFederate or OKTA. |
| Scope management ESB service | Name of an IS service that creates and manages the scopes in the OAuth 2.0 authorization server. Use this field when adding a third-party OAuth 2.0 provider that is not shipped with API Gateway. OAuth 2.0 scope management has no predefined standard, and the implementation for managing scopes can vary between providers, so API Gateway uses the IS service to create and manage the OAuth 2.0 scopes in the configured authorization server. API Gateway sends a specific set of parameters to the IS service for scope management; these parameters are described in the table below. |
| Client metadata field mapping | Specifies the mapping of the OAuth 2.0 Dynamic Client Registration specification attributes to the client implementation of the OAuth 2.0 provider. These fields are required when you add a third-party provider that is not shipped with API Gateway. |
| Specification name | The client metadata attributes as defined in the OAuth 2.0 Dynamic Client Registration specification (RFC 7591). The following attributes are available: |
| `redirect_uris` | Redirection URI to which the OAuth 2.0 authorization server redirects the authorization code once the end user approves the authorization request. Note: If you do not specify this attribute, API Gateway generates the URL automatically. |
| `token_endpoint_auth_method` | The OAuth 2.0 client authentication method at the token endpoint. |
| `grant_types` | The grant types of the OAuth 2.0 authorization flow used to obtain authorization codes, ID tokens, and refresh tokens. |
| `response_types` | The type of response that the client application uses at the OAuth 2.0 authorization endpoint. |
| `client_name` | Name of the client used to represent the client application to the end user during authorization. |
| `client_uri` | URL of the client application. |
| `logo_uri` | URL of an image used to represent the client application to the end user during authorization. Note: `logo_uri` is currently not supported in API Gateway. |
| `scope` | List of user-authorized scopes that the client uses when requesting access tokens. Note: If you do not specify this attribute, the authorization server registers the client with a default set of scopes. |
| `contacts` | The means (for example, an email address) by which end users can contact the client for support requests. |
| `tos_uri` | URL of the service document for the client that describes the contractual relationship between the end user and the client, which the end user accepts when authorizing the client. Note: `tos_uri` is currently not supported in API Gateway. |
| `jwks_uri` | URL of the JSON Web Key (JWK) Set document containing the client's public keys. Note: `jwks_uri` is currently not supported in API Gateway. |
| `client_id` | Identifier that is unique to the client application. |
| `client_secret` | The password or phrase that the client application uses to authorize communication with the end user. |
| Implementation name | The client metadata attribute names used by the OAuth 2.0 authorization server that do not follow the OAuth 2.0 Dynamic Client Registration specification. Example: for `redirect_uris` provide `redirectUris`; for `grant_types` provide `grantTypes`; for `client_name` provide `name`; for `logo_uri` provide `logoUrl`; for `client_id` provide `clientId`; for `client_secret` provide `secret`. |
| Extended request parameters | Specifies additional client metadata attributes that are specific to the OAuth 2.0 authorization server and are not defined in the OAuth 2.0 Dynamic Client Registration specification. Example (PingFederate): `forceSecretChange = true`. |
| Key | The client metadata attribute that is specific to the OAuth 2.0 authorization server. |
| Value | The value for the client metadata attribute. This value is appended to all requests sent to the authorization server. |
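The following added example (not code from the API Gateway product or its documentation) applies the client metadata field mapping, the unsupported-attribute notes and the extended request parameter from the table above to an RFC 7591 registration request. The mapping values are the table's own examples; the pass-through rule for unmapped attributes, the precedence of extended parameters and the default redirect URI are assumptions.

```python
# Added example: translate an RFC 7591 dynamic client registration request
# into the field names a third-party provider expects, using the
# "Specification name" -> "Implementation name" mapping from the table.

# Specification name -> Implementation name (the table's own examples).
FIELD_MAPPING = {
    "redirect_uris": "redirectUris",
    "grant_types": "grantTypes",
    "client_name": "name",
    "logo_uri": "logoUrl",
    "client_id": "clientId",
    "client_secret": "secret",
}

# Attributes the table flags as currently not supported; they are dropped
# rather than forwarded. (The table gives a mapping for logo_uri but still
# marks it unsupported, so the attribute is dropped before mapping.)
UNSUPPORTED = {"logo_uri", "tos_uri", "jwks_uri"}

# Extended request parameters (Key/Value rows): the table's PingFederate example.
EXTENDED_PARAMETERS = {"forceSecretChange": "true"}

# Constructed placeholder for the URL API Gateway generates when the client
# omits redirect_uris (the real value is generated by the gateway).
DEFAULT_REDIRECT_URI = "https://gateway.example.test/oauth/callback"


def build_provider_request(registration, mapping=FIELD_MAPPING,
                           extended=EXTENDED_PARAMETERS, unsupported=UNSUPPORTED):
    """Translate an RFC 7591 request body into the provider's field names."""
    out = {}
    for spec_name, value in registration.items():
        if spec_name in unsupported:
            continue  # never forwarded to the provider
        # Assumption: attributes without a mapping row keep their spec name.
        out[mapping.get(spec_name, spec_name)] = value
    if "redirect_uris" not in registration:
        # Table: API Gateway generates the redirect URL when it is omitted.
        out[mapping.get("redirect_uris", "redirect_uris")] = [DEFAULT_REDIRECT_URI]
    # Extended parameters are appended to every request. Assumption: the
    # configured value wins over a client-supplied attribute of the same name.
    out.update(extended)
    return out
```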
| Parameter | Description |
|---|---|
| action | Specifies the action to perform on an OAuth 2.0 scope. Possible values: create and delete. |
| scopeName | Specifies the name of the OAuth 2.0 scope to create in the OAuth 2.0 authorization server. |
| scopeDescription | Specifies the description of the OAuth 2.0 scope to create in the OAuth 2.0 authorization server. |
| providerName | Specifies the name of the OAuth 2.0 provider. |
| endpoints | Specifies the endpoint URL details used to create, update, and delete OAuth 2.0 scopes. Contains the following parameters: |
| endpoint | Specifies an endpoint URL used to create, update, and delete an OAuth 2.0 scope. |
| headers | Specifies one or more HTTP authorization headers that API Gateway uses when sending OAuth 2.0 scope details to the OAuth 2.0 authorization server. |
| https | Specifies the transport protocol that API Gateway uses to send OAuth 2.0 scope details to the OAuth 2.0 authorization server. Possible values: true and false. A value of true makes API Gateway send the OAuth 2.0 scope details to the authorization server using the HTTP protocol; a value of false makes API Gateway send them using the HTTPS protocol. |
| keyStoreAlias | Specifies the alias of the keystore containing the private key used to secure communication between API Gateway and the OAuth 2.0 authorization server. |
| keyAlias | Specifies the alias of the private key used to validate HTTP requests from client applications. |
| authorizationInfo | Specifies the alias of the OAuth 2.0 authorization server. Contains the following parameters: |
| type | Specifies the type of authentication scheme that API Gateway uses to communicate with the OAuth 2.0 authorization server for OAuth 2.0 scope management. Possible values: basic and token. |
| username | Specifies the username used to access the protected resources. |
| password | Specifies a valid password associated with the username. |
| tokentype | Specifies the type of token contained in the HTTP request. |
| token | Specifies the token contained in the HTTP request. |
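As an added example (not the product's IS service or any code from the documentation), the following minimal handler consumes the parameters listed above, validates `action` and `scopeName`, builds the Authorization header from `authorizationInfo` for both the basic and the token scheme, and describes the HTTP request it would send to `endpoints.endpoint`. The scope endpoint's request format (JSON body on create, URL-encoded scope name in the path on delete) is an assumption, and the `https`, `keyStoreAlias` and `keyAlias` transport settings are not modelled.

```python
# Added example: scope management handler for the parameters in the table.
# Wire format of the scope endpoint is assumed; transport settings are skipped.
import base64
import json
from urllib.parse import quote

VALID_ACTIONS = {"create", "delete"}  # the table's two possible actions


def authorization_header(auth):
    """Build the Authorization header from the authorizationInfo block."""
    kind = auth.get("type")
    if kind == "basic":
        creds = f"{auth['username']}:{auth['password']}".encode()
        return "Basic " + base64.b64encode(creds).decode()
    if kind == "token":
        return f"{auth['tokentype']} {auth['token']}"
    raise ValueError(f"unsupported authorizationInfo.type: {kind!r}")


def build_scope_request(params):
    """Return {method, url, headers, body} for a create or delete call."""
    action = params.get("action")
    if action not in VALID_ACTIONS:
        raise ValueError(f"action must be one of {sorted(VALID_ACTIONS)}, got {action!r}")
    scope = params.get("scopeName")
    if not scope:
        raise ValueError("scopeName is required")
    url = params["endpoints"]["endpoint"]
    headers = dict(params.get("headers", {}))  # configured headers first
    headers["Authorization"] = authorization_header(params["authorizationInfo"])
    if action == "create":
        headers["Content-Type"] = "application/json"
        body = json.dumps({"name": scope,
                           "description": params.get("scopeDescription", "")})
        return {"method": "POST", "url": url, "headers": headers, "body": body}
    # delete: assumed convention, the URL-encoded scope name goes in the path
    return {"method": "DELETE", "url": f"{url.rstrip('/')}/{quote(scope)}",
            "headers": headers, "body": None}


# Constructed sample input using the parameter names from the table.
SAMPLE_PARAMS = {
    "action": "create",
    "scopeName": "orders:read",
    "scopeDescription": "Read access to orders",
    "providerName": "ExampleProvider",
    "endpoints": {"endpoint": "https://authz.example.test/scopes"},
    "headers": {"X-Request-Id": "constructed-1"},
    "authorizationInfo": {"type": "basic", "username": "Aladdin", "password": "open sesame"},
}
```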