I want to know if there's an assertion (Gateway 9.2) which can check the access token generated by an authorization server (OTK or not OTK). The check includes the presence and encyption of access token.
The assertion 'OTK Require OAuth 2.0 Token' can be used lookup and validate a token generated by the OTK. The tokens are not encrypted. For tokens issued by an external authorization server it is likely best to utilize their introspection endpoint (if implemented).
Secure an API Endpoint with OAuth 2.0 - CA API Management OAuth Toolkit - 4.2 - CA Technologies Documentation
Retrieving data ...