Skip to main content
Feedback

Overview of OAuth2.0 Token Authentication Policy

Description

This feature enables securing APIs in Cloud API Management using third-party IDP-based OAuth2.0 access tokens.

  • The policy validates third-party OAuth2.0 access token for authentication and allows calls to the backend API only after successful validation.

  • It provides the ability to configure introspection endpoints to support multiple regional but unique introspection endpoints for a geo-distributed OAuth 2.0 authorization server.

  • Supports the ability to enrich headers with values from the introspection endpoint’s JSON response upon successful validation before forwarding the request to the backend server.

  • The policy provides a configurable capability to block or forward the HTTP Authorization header to the backend API server.

  • Supports JSONPath expressions to locate values from the JSON response returned by the authorization server that need to be injected into headers before forwarding the request to the backend server.

  • Supports optional XPath expressions to locate values from the XML response returned by the authorization server (if the response is in XML format instead of JSON) that need to be injected into headers before forwarding the request to the backend server.

  • Supports pre-processing of API request.

On this Page