CentraSite Documentation : Runtime Governance with CentraSite : Run-Time Governance Reference : Built-In Run-Time Actions Reference for APIs : Run-Time Actions Reference : Evaluate OAuth2 Token
Evaluate OAuth2 Token
If you have a native API that requires to authenticate a client to the Integration Server using the OAuth 2.0 credentials (access token), you can use the Evaluate OAuth2 Authentication action to extract the client's credentials from the HTTP request header, and verify the client's identity.
This action extracts the specified OAuth access token from an incoming request and locates the client defined by that access token. For example, when you have configured this action for an API, the PEP extracts the OAuth access token from the request’s HTTP header at run time and searches its list of consumers for the client that is defined by that access token.
Mediator will evaluate the incoming request to identify and validate that the client's access token.
Mediator rejects requests that do not include the OAuth access token of an Integration Server user.
Mediator supports OAuth2.0 using the grant type “Client Credentials”.
If Mediator cannot identify the client, Mediator fails the request and generates a Policy Violation event.
Input Parameters
Identify User
String. The list of consumers against which the OAuth token should be validated for identifying requests from a particular client.
Value
Description
Registered Consumers
Mediator will try to verify the client's OAuth access token against the list of consumer applications who are registered as consumers for the specified API.
Global Consumers
Default. Mediator will try to verify the client's OAuth access token against a list of all global consumers available in the Mediator.
Validate Access Token
Boolean. Optional. This option uses your resource server to verify clients. When Integration Server acts as a resource server, it receives requests from clients that include an access token. The resource server asks the authorization server to validate the access token and user. If the token is valid and the user has privileges to access the folders and services, the resource server executes the request.
For more information about using Integration Server to act as a resource server, see webMethods Integration Server Administrator’s Guide.
Value
Description
True
Default. Mediator will verify the client's OAuth access token against the list of consumers available in the Integration Server on which Mediator is running.
False
Mediator will not verify the client's OAuth access token.
Copyright © 2005-2015 Software AG, Darmstadt, Germany.

Product LogoContact Support   |   Community   |   Feedback