| Field | Description |
|---|---|
| Authorization server alias | Alias of the authorization server. |
| Provider name | Name of a third-party OAuth 2.0 provider. |

| Field | Description |
|---|---|
| Use keystore | Select Use keystore to allow client authentication only over a two-way SSL connection. |
| Type | Select one or more Endpoint URL types to create, update, and delete client applications and scopes. Client read: Fetches the details of a client application specified by the clientId. Client registration: Registers a client application in the authorization server. Client update: Updates the configuration of a client application specified by the clientId. Client delete: Deletes a client application specified by the clientId. Scope read: Fetches the details of a scope specified by the scopeId. Scope create: Creates a scope for the authorization server. Scope update: Updates the configuration of a scope specified by the scopeId. Scope delete: Deletes a scope specified by the scopeId. For example, to update an OAuth client application or an OAuth scope, the endpoint URL should be specified as: PUT /oauth2/v1/clients/:clientId and PUT /oauth2/v1/scopes/:scopeId. In the above endpoint URLs, the clientId and scopeId should be specified in a set of curly braces: PUT /oauth2/v1/clients/{client_id} and PUT /oauth2/v1/scopes/{scope_id}. |
| URL | Specifies the corresponding REST endpoint URLs for the client configuration and scope configuration of REST APIs. |
| Headers | Specifies the authorization header that API Gateway should send to the OAuth 2.0 authorization server. |
| Key | The HTTP header key that should be included in the authorization header of API requests. |
| Value | The HTTP header value that should be included in the authorization header of API requests. |

| Field | Description |
|---|---|
| Type | Specifies the type of authentication scheme that API Gateway would use to communicate with the OAuth 2.0 authorization server for client and scope management. Basic: Specifies the username and password information that would be passed in the authorization header of the HTTP request for client authentication (Username: The username to access the protected resources of REST APIs. Password: A valid password associated with the username.). Token: Specifies the token information that would be added as a bearer token in the HTTP request for client authentication (Token type: The type of token that would be contained in the HTTP request. Token: The token that would be contained in the HTTP requests.). |

| Field | Description |
|---|---|
| Keystore alias | Alias of the keystore containing the private key that is used for secured communication between API Gateway and the OAuth 2.0 authorization server. The Keystore alias box lists all the keystore aliases available in API Gateway. If there are no configured keystore aliases, this box lists the default Integration Server keystore, DEFAULT_IS_KEYSTORE. |
| Key alias | Alias for the private key to use to validate the HTTP requests from the client. The Key alias box is auto-populated and lists all the aliases available in the selected keystore. If there are no configured keystores, this list box is empty. |

| Field | Description |
|---|---|
| Access token URL | The endpoint URL on the authorization server through which the client application exchanges the authorization code, client ID, and client secret, for an access token. |
| Authorize URL | The endpoint URL on the authorization server through which the end user authenticates and grants authorization to the client application. |
| Refresh token URL | The endpoint URL on the authorization server through which the client application refreshes an expired access token. |

| Field | Description |
|---|---|
| Introspection endpoint | URL of the token introspection endpoint of a third-party OAuth 2.0 authorization server. API Gateway uses the introspection endpoint to check that access tokens used in client requests are currently active. |
| User | The Integration Server user that API Gateway uses to invoke the token introspection endpoint. |
| Client ID | ID of the introspection client on the OAuth 2.0 authorization server that API Gateway uses to introspect the access tokens. |
| Client secret | Password of the introspection client that API Gateway uses to introspect the access tokens. |
| Keystore alias | Alias of the keystore that API Gateway uses to communicate with the OAuth 2.0 authorization server during a mutual (two-way) SSL handshake. The Keystore alias field contains a list of the available keystore aliases in API Gateway. If there are no configured keystore aliases, this field displays the DEFAULT_IS_KEYSTORE. Note: You need to select a keystore alias only when the client account on the corresponding OAuth 2.0 authorization server is configured to use mutual (two-way) SSL. |
| Key alias | Alias of the private key that API Gateway uses to communicate with the third-party OAuth 2.0 authorization server during a mutual (two-way) SSL handshake. The Key alias field contains a list of the available aliases in the selected keystore. If there are no configured keystores, this field is empty. Note: You need to select a key alias only when the client account on the corresponding OAuth 2.0 authorization server is configured to use mutual (two-way) SSL. |
| Truststore alias | Alias of the truststore on API Gateway that holds the Certificate Authority (CA) certificate of the third-party OAuth 2.0 authorization server. Note: You need to select a truststore alias only when all of the following are true: (1) the client account on the third-party OAuth 2.0 authorization server is configured to use mutual (two-way) SSL, and (2) the authorization server’s Certificate Authority certificate is not in the set of well-known authorities trusted by the JVM in which API Gateway runs. |

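
The introspection check described in the table above, as an added example (not API Gateway's own code): it builds the RFC 7662 request an introspection client sends with its Client ID and Client secret, then evaluates the response so that anything other than a well-formed, unexpired, active token with the required scope is rejected. HTTP Basic client authentication is an assumption, and the endpoint, client credentials, scope names, and responses are constructed sample values.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Constructed sample data: hypothetical time and introspection responses.
SAMPLE_NOW = 1_700_000_000
SAMPLE_RESPONSES = {
    "active": '{"active": true, "scope": "orders:read orders:write", "exp": 1700003600}',
    "revoked": '{"active": false}',
    "string_flag": '{"active": "true", "scope": "orders:read"}',
    "expired": '{"active": true, "scope": "orders:read", "exp": 1699999000}',
    "error_page": "<html>502 Bad Gateway</html>",
}

def build_introspection_request(endpoint, client_id, client_secret, token):
    """Build (without sending) an RFC 7662 request; HTTP Basic client auth is assumed."""
    if urllib.parse.urlsplit(endpoint).scheme != "https":
        raise ValueError("introspection endpoint must use https")
    body = urllib.parse.urlencode({"token": token, "token_type_hint": "access_token"})
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        endpoint, data=body.encode(), method="POST",
        headers={"Authorization": f"Basic {creds}",
                 "Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})

def token_is_usable(response_body, required_scope, now=None):
    """Fail closed: only a well-formed response with active == true passes."""
    now = time.time() if now is None else now
    try:
        claims = json.loads(response_body)
    except (TypeError, ValueError):
        return False  # HTML error page, empty body, truncated JSON
    if not isinstance(claims, dict) or claims.get("active") is not True:
        return False  # missing field or the string "true" is not active
    exp = claims.get("exp")
    if exp is not None and (not isinstance(exp, (int, float)) or exp <= now):
        return False  # expired, even though the server still says active
    return required_scope in str(claims.get("scope", "")).split()

if __name__ == "__main__":
    req = build_introspection_request(
        "https://auth.example.com/oauth2/introspect",  # hypothetical endpoint
        "gateway-introspector", "constructed-secret", "constructed-access-token")
    print(req.get_method(), req.full_url, req.data.decode())
    for name, body in SAMPLE_RESPONSES.items():
        print(name, token_is_usable(body, "orders:read", now=SAMPLE_NOW))
```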