Overview of OAuth2.0 Token Authentication Connector

Release Notes

Release Date	Release Type	Release Description
June 11, 2020	New Feature	Support securing APIs in using third party IDP based OAuth2.0 access token.
	New Feature	Ability to configure up to ten OAuth2.0 introspection endpoints per service endpoint for token validation using any third party IDP.
	New Feature	Conditional pickup of introspection endpoint for token validation based on incoming meta data for geo-distributed API services.
	New Feature	Ability to enrich API request header with meta data that can be returned after successful token validation.

Description

This feature enables securing APIs in Cloud API Management using third-party IDP-based OAuth2.0 access tokens.

• The connector validates third-party OAuth2.0 access token for authentication and allows calls to the backend API only after successful validation.

• It provides the ability to configure introspection endpoints to support multiple regional but unique introspection endpoints for a geo-distributed OAuth 2.0 authorization server.

• Supports the ability to enrich headers with values from the introspection endpoint’s JSON response upon successful validation before forwarding the request to the backend server.

• The connector provides a configurable capability to block or forward the HTTP Authorization header to the backend API server.

• Supports JSONPath expressions to locate values from the JSON response returned by the authorization server that need to be injected into headers before forwarding the request to the backend server.

• Supports optional XPath expressions to locate values from the XML response returned by the authorization server (if the response is in XML format instead of JSON) that need to be injected into headers before forwarding the request to the backend server.

• Supports pre-processing of API request.