
FAQs

The following are frequently asked questions for the OAuth2.0 Token Authentication Connector.

Q: Which IDPs are supported for OAuth2.0 access tokens?

A: The connector supports any third-party IDP that supports OAuth2.0 access tokens. This includes any IDP, legacy ones included, that is compliant with https://tools.ietf.org/html/rfc6749 for managing the life cycle of OAuth2.0 access tokens.

Q: Do different OAuth2.0 IDPs need different solutions?

A: The connector is agnostic to any third-party IDP capable of generating and managing OAuth2.0 access tokens.

Q: Which OAuth2.0 grant types are supported?

A: The connector supports these OAuth2.0 grant types: 'Client Credentials', 'Resource Owner Password', 'Implicit', and 'Authorization Code'. The connector validates the OAuth2.0 access token using the introspection endpoint provided by a third-party IDP.

Q: Does the connector support refreshing expired OAuth 2.0 access tokens?

A: The connector does not refresh expired tokens. The client application that uses it is responsible for refreshing the expired token from the third-party IDP.

Q: How many introspection endpoints does the connector support for access token validation?

A: Cloud API Management recommends configuring no more than ten introspection endpoints per service endpoint for a geo-distributed OAuth2.0 authorization server.

Q: Does the OAuth2.0 Token Authentication connector support OpenID Connect end-to-end token validation flow?

A: OpenID Connect uses JWT, a different token format than the OAuth 2.0 token, which is outside the scope of this connector. Refer to the JWT Authentication Connector. An OIDC-enabled IDP can return a JSON object containing the ID token, access token, and an optional refresh token. The token can be in JWT format or can be a normal bearer access token. The client app can try to access the backend API via the Cloud API Management platform by providing a JWT or an access token in the authorization header.

If the client app sends an access token in the authorization header, this connector can work seamlessly with the OIDC-enabled IDP flow as well, provided the introspection token endpoint returns user info. For more details, contact Boomi Support via Boomi Community.