Retrieve OAuth 2.0 Token Assertion sample policy

File uploaded by dasjo02 Employee on Mar 3, 2017. Last modified by dasjo02 Employee on Mar 3, 2017.
Version 2

A sample policy using the 'Retrieve OAuth 2.0 Token' Assertion with the Authorization Code grant type.

This policy makes use of the OAuth 2.0 test clients (id/secret). 


1. Create a new endpoint on your gateway (e.g., /redirect)

2. Import the sample policy

3. Edit the OAuth2Client test client and change the callback URL to the endpoint created in step 1

4. Access the endpoint via browser (i.e:


An HTML response will be received with your token.


This policy is provided as-is without warranty or support of any kind and is intended only for guidance in using the assertion. This must not be used on production systems.