Layer7 API Management

  • 1.  OTK Limit Grant Types Allowed

    Posted Jan 10, 2019 02:42 PM

    In CA OAuth Toolkit OTK 4.1, what is the proper way to limit the allowable grant types? For example, I don't want to allow the client-credential grant type on the token endpoint.



  • 2.  Re: OTK Limit Grant Types Allowed

    Broadcom Employee
    Posted Jan 10, 2019 03:42 PM

    Hi Jeff,

    My initial thought is to blank out the variable defining the configured grant type. With the new read-only structure of some policies, you would need to edit #OTK Configured Grant Types.

    Copy out the variable from the main (RO) policy for grant_type_client_credentials and set it to nothing.

    When it does a compare, it will fail with this error. Additionally, if you specify just the parameter grant_type= it will also fail due to missing or duplicate parameters.

    Hope this helps.

    {
      "error":"unsupported_grant_type",
      "error_description":"The given grant_type is not supported"
    }

    Regards,

    Joe
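    An added example, not code from the post or from the OTK product, that models the gate the reply describes: the token request's grant_type is checked against a configured allow-list from which client_credentials has been removed, an unsupported type gets the error JSON quoted above, and a missing, empty or repeated grant_type is rejected with invalid_request (the RFC 6749 error code; the reply does not quote OTK's exact text for that case, so that part is an assumption). The allow-list and request bodies are constructed for the example.

```python
import json
from urllib.parse import parse_qs

# Constructed allow-list standing in for the variables in
# "#OTK Configured Grant Types"; client_credentials has been blanked out
# as the reply suggests, so it is absent here.
CONFIGURED_GRANT_TYPES = {"authorization_code", "refresh_token", "password"}

UNSUPPORTED_GRANT_TYPE = {
    "error": "unsupported_grant_type",
    "error_description": "The given grant_type is not supported",
}

# Assumed wording; RFC 6749 uses invalid_request for a missing or
# repeated parameter, OTK's own description text is not quoted in the post.
INVALID_REQUEST = {
    "error": "invalid_request",
    "error_description": "grant_type is missing, empty or repeated",
}


def check_grant_type(form_body, allowed=CONFIGURED_GRANT_TYPES):
    """Validate the grant_type of a token-endpoint form body.

    Returns (accepted, error) where error is None on success or the
    error object the endpoint would return as JSON.
    """
    params = parse_qs(form_body, keep_blank_values=True)
    values = params.get("grant_type", [])
    # Missing ("client_id=x"), empty ("grant_type=") or duplicated
    # grant_type: reject before comparing against the allow-list.
    if len(values) != 1 or values[0] == "":
        return False, INVALID_REQUEST
    if values[0] not in allowed:
        return False, UNSUPPORTED_GRANT_TYPE
    return True, None


def token_error_body(form_body):
    """JSON body a rejected request would receive, or None if accepted."""
    accepted, error = check_grant_type(form_body)
    return None if accepted else json.dumps(error)


if __name__ == "__main__":
    for body in ("grant_type=client_credentials&client_id=app1",
                 "grant_type=",
                 "grant_type=authorization_code&code=abc"):
        print(body, "->", token_error_body(body) or "accepted")
```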