A sample policy using the 'Retrieve OAuth 2.0 Token' Assertion with the Client Credentials and Resource Owner Password Credentials grant types.
This policy makes use of the OAuth 2.0 test clients (id/secret).
For the Resource Owner Password Credentials the Resource Owner ID/PW will need to be changed to fit your environment. It is best to avoid using the text option in favor of the stored password.
This policy is provided as-is without warranty or support of any kind and intended only for guidance in using the assertion. This must not be used on production systems.
Thanks for your quick response. I already made similar change and got it working yesterday.
I am using context variable for username & password (Resource Owner Password Credentials) and getting it from the request URI parameters.
Can you please let me know how did you provide Username and Password in headers ?
You can retrieve the username and password from the header using "request.http.header.<parameter>" where parameter can be username or password.
This can be passed into the "Retrieve OAuth 2.0 Token properties" -> "Resource Owner Authentication" section.
Retrieving data ...