Layer7 API Management

  • 1.  Using grant type = jwt bearer

    Posted Jun 05, 2018 10:39 PM

    Hi,


    We are using a third-party application as IDP, and

    1) It is going to generate a JWT

    2) Send the JWT to APIGW

    3) APIGW to use /introspect of the third party to verify the JWT

    4) If it is valid, generate an access_token only and send it to the browser


    Can you please help me understand where to make the changes for checking the JWT? I am thinking of using grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer



  • 2.  Re: Using grant type = jwt bearer

    Broadcom Employee
    Posted Jun 12, 2018 08:54 AM

    Hi Pavan,


    You are better off creating a custom grant type. In newer versions of the OTK, the grant_type policies are read-only.


    Support Custom Grant Types - CA API Management OAuth Toolkit - 4.2 - CA Technologies Documentation 


    Regards,

    Joe   



  • 3.  Re: Using grant type = jwt bearer

    Broadcom Employee
    Posted Jul 01, 2018 06:40 PM

    Dear PavanReddy,

    It seems you don't have to use OTK; you might just use the JWT instead of an access token. The 3rd-party IDP should provide you a JWKS to validate the JWT (using the Decode JSON Web Token assertion).


    Regards,

    Mark
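    What Mark's reply amounts to, validating the IDP's JWT locally against its published JWKS instead of calling /introspect, as an added stand-alone example (not code from this thread, the OTK, or the Layer7 assertion): it pins alg to RS256, selects the key by kid, checks the RS256 signature using only the Python standard library, then checks iss and exp. The JWKS layout, the kid and issuer values, and the rs256_sign helper standing in for the IDP are assumptions made for the demo.

```python
import base64, hashlib, json, time

# DER prefix of the SHA-256 DigestInfo (RFC 8017, section 9.2, note 1)
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def emsa_pkcs1_v15(message: bytes, em_len: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), padded to em_len bytes."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def rs256_sign(claims: dict, kid: str, n: int, d: int) -> str:
    """Mint an RS256 JWT the way the IDP would (demo helper; d is its private exponent)."""
    header = b64u(json.dumps({"alg": "RS256", "typ": "JWT", "kid": kid}).encode())
    payload = b64u(json.dumps(claims).encode())
    k = (n.bit_length() + 7) // 8
    em = int.from_bytes(emsa_pkcs1_v15(f"{header}.{payload}".encode(), k), "big")
    return f"{header}.{payload}.{b64u(pow(em, d, n).to_bytes(k, 'big'))}"

def verify_rs256(token: str, jwks: dict, issuer: str, now=None) -> dict:
    """Validate token against the IDP's JWKS document; raise ValueError on any failure."""
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(b64u_dec(h_b64))
    except ValueError:
        raise ValueError("malformed token")
    if header.get("alg") != "RS256":  # pin the alg: blocks alg=none and HS256 key-confusion
        raise ValueError("unsupported alg")
    keys = [k for k in jwks["keys"] if k.get("kty") == "RSA" and k.get("kid") == header.get("kid")]
    if not keys:
        raise ValueError("no RSA key in JWKS for this kid")
    n = int.from_bytes(b64u_dec(keys[0]["n"]), "big")
    e = int.from_bytes(b64u_dec(keys[0]["e"]), "big")
    k = (n.bit_length() + 7) // 8
    sig = b64u_dec(s_b64)
    if len(sig) != k:
        raise ValueError("bad signature length")
    recovered = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if recovered != emsa_pkcs1_v15(f"{h_b64}.{p_b64}".encode(), k):
        raise ValueError("signature mismatch")
    claims = json.loads(b64u_dec(p_b64))
    now = time.time() if now is None else now
    if claims.get("iss") != issuer or float(claims.get("exp", 0)) <= now:
        raise ValueError("wrong issuer or expired token")
    return claims
```

    In a gateway policy the JWKS document would be fetched from the IDP's well-known URL and cached, and an audience check would be added alongside iss and exp.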