
User level access Token in CA API Gateway/OAuth Tool Kit

Question asked by on Nov 30, 2018
Latest reply on Dec 17, 2018 by Stephen_Hughes

Is there any way to generate an OAuth access token which is associated with a server/application as well as with a particular user, so that the issued token cannot be used to operate on another user?


The reason I am asking for a user-level token is that, if I issue an access token (following the OAuth 2.0 Client Credential Grant Type) to a server, it just verifies if the right server is accessing the API. However, it doesn't limit the usage of the token to one particular user. So if the token is compromised, then all data can be accessed irrespective of the logged-in user.


Note: We are using CA API GW 9.0 & OTK 3.2