
Can someone explain the behavior of OTK Require OAuth2.0 Token?

Question asked by Kareem.shaik7 on Dec 21, 2016
Latest reply on Jan 4, 2017 by Sascha Preibisch

Can someone explain the behavior of OTK Require OAuth2.0 Token?


Below is my understanding.


- When we see any OTK assertions in Policy Manager it means OTK is installed and configured. (Assumption)

- Configuration includes connectivity from Gateway to OAuth2.0 server (Assumption).

- To authorize the API consumer against OAuth2.0, we need to insert 'OTK Require OAuth2.0 Token' assertion.

- This assertion retrieves the AccessToken from the header and communicates with the OAuth server to get the below parameters related to the consumer:

access_token, content-type, error.code, error.msg, session.client_id, session.expires_at, session.scope, session.subscriber_id, status.

(AccessToken should have been created from the OAuth API which takes ClientId and SecretKey and Input - Assumption)

- Successful execution of the assertion indicates success in OAuth2.0 authentication.

- On success of 'OTK Require OAuth2.0 Token', the policy can proceed to execute further assertions.


Can someone validate and correct me if my assumptions and understanding are wrong?
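To make the flow described in the question concrete, here is an added illustration (not OTK code, and not part of the original post) of what a "require OAuth 2.0 token" step on a gateway does: it pulls the bearer token from the `Authorization` header, asks the OAuth server whether the token is known (modelled here by a constructed in-memory `TOKEN_STORE` standing in for the server's database, where a real gateway would call the server over the network), rejects missing, unknown, expired or under-scoped tokens, and on success populates context variables named after the ones listed in the question (`session.client_id`, `session.expires_at`, `session.scope`, `session.subscriber_id`, `status`, `error.code`, `error.msg`). The token values, client ids and the `required_scope` parameter are all constructed for the example.

```python
"""Illustration of a gateway-side bearer-token check in the style of OTK's
'Require OAuth 2.0 Token' assertion (constructed example, not OTK code)."""
import time

# Constructed token store standing in for the OAuth 2.0 server's database.
# A real gateway would query the server (e.g. a token introspection endpoint)
# instead of reading a local dict.
TOKEN_STORE = {
    "tok_valid": {
        "client_id": "client_alpha",
        "subscriber_id": "user-42",
        "scope": "read write",
        "expires_at": 2_000_000_000,   # far-future Unix time
    },
    "tok_expired": {
        "client_id": "client_beta",
        "subscriber_id": "user-7",
        "scope": "read",
        "expires_at": 1_000_000_000,   # long-past Unix time
    },
}


def introspect(access_token):
    """OAuth-server side: report whether a token is known and what it carries."""
    record = TOKEN_STORE.get(access_token)
    if record is None:
        return {"active": False}
    return {"active": True, **record}


def extract_bearer(headers):
    """Pull the token out of an 'Authorization: Bearer <token>' header.
    Header name and scheme are matched case-insensitively; anything else yields None."""
    for name, value in headers.items():
        if name.lower() == "authorization":
            scheme, _, token = value.strip().partition(" ")
            if scheme.lower() == "bearer" and token.strip():
                return token.strip()
    return None


def require_oauth2_token(headers, required_scope=None, now=None):
    """Gateway side: validate the token and fill context variables named after
    the OTK ones from the question. Returns (success, context); on failure the
    policy would stop here and answer with ctx['status']."""
    now = time.time() if now is None else now
    ctx = {"content-type": "application/json"}
    token = extract_bearer(headers)
    if token is None:
        ctx.update({"status": 401, "error.code": "invalid_request",
                    "error.msg": "missing bearer token"})
        return False, ctx
    ctx["access_token"] = token
    info = introspect(token)
    if not info.get("active"):
        ctx.update({"status": 401, "error.code": "invalid_token",
                    "error.msg": "token unknown or revoked"})
        return False, ctx
    if info["expires_at"] <= now:
        ctx.update({"status": 401, "error.code": "invalid_token",
                    "error.msg": "token expired"})
        return False, ctx
    granted = set(info["scope"].split())
    if required_scope and required_scope not in granted:
        ctx.update({"status": 403, "error.code": "insufficient_scope",
                    "error.msg": f"scope '{required_scope}' not granted"})
        return False, ctx
    ctx.update({
        "status": 200,
        "session.client_id": info["client_id"],
        "session.subscriber_id": info["subscriber_id"],
        "session.scope": info["scope"],
        "session.expires_at": info["expires_at"],
    })
    return True, ctx


if __name__ == "__main__":
    # Constructed request: valid token, API requires the 'write' scope.
    ok, ctx = require_oauth2_token({"Authorization": "Bearer tok_valid"},
                                   required_scope="write", now=1_500_000_000)
    print(ok, ctx)
```

The point of the example is the ordering of checks: the token is never trusted from the header alone; the OAuth server decides whether it is active, the gateway then enforces expiry and scope, and only after all three pass do the `session.*` variables become available to the rest of the policy.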