Evaluate OAuth2 Token

If you have a native API that requires to authenticate a client to the Integration Server using the OAuth 2.0 credentials (access token), you can use the Evaluate OAuth2 Authentication action to extract the client's credentials from the HTTP request header, and verify the client's identity.

This action extracts the specified OAuth access token from an incoming request and locates the client defined by that access token. For example, when you have configured this action for an API, the PEP extracts the OAuth access token from the request’s HTTP header at run time and searches its list of consumers for the client that is defined by that access token.

Identify User	String. The list of consumers against which the OAuth token should be validated for identifying requests from a particular client.
	Value	Description
	Registered Consumers	Mediator will try to verify the client's OAuth access token against the list of consumer applications who are registered as consumers for the specified API.
	Global Consumers	Default. Mediator will try to verify the client's OAuth access token against a list of all global consumers available in the Mediator.
Validate Access Token	Boolean. Optional. This option uses your resource server to verify clients. When Integration Server acts as a resource server, it receives requests from clients that include an access token. The resource server asks the authorization server to validate the access token and user. If the token is valid and the user has privileges to access the folders and services, the resource server executes the request. For more information about using Integration Server to act as a resource server, see webMethods Integration Server Administrator’s Guide.
	Value	Description
	True	Default. Mediator will verify the client's OAuth access token against the list of consumers available in the Integration Server on which Mediator is running.
	False	Mediator will not verify the client's OAuth access token.