OIDC Token Authentication Policy
Description
This feature enables securing APIs behind Cloud API Management using a third-party OIDC IDP-based ID token.
-
The policy validates third-party OAuth2.0 access token for authentication and allows calls to the backend API only after successful validation.
-
It provides the ability to configure introspection endpoints to support multiple regional but unique introspection endpoints for a geo-distributed OAuth 2.0 authorization server.
-
Supports the ability to enrich headers with values from the introspection endpoint’s JSON response upon successful validation before forwarding the request to the backend server.
-
The policy provides a configurable capability to block or forward the HTTP Authorization header to the backend API server.
-
Supports JSONPath expressions to locate values from the JSON response (UserInfo endpoint) returned by the authorization server that need to be injected into headers before forwarding the request to the backend server.
-
Supports pre-processing of client requests to influence API behavior within Cloud API Management.