Layer7 API Management

  • 1.  OTK retrieve

    Posted Jul 22, 2018 10:51 PM

    Hi there, where can I find the purpose of the OTK Access Token Retrieval assertion?



  • 2.  Re: OTK retrieve

    Broadcom Employee
    Posted Jul 22, 2018 11:51 PM

    Hello PopleysYsb,

    It finds the OAuth 2.0 access_token within the HTTP request header or the HTTP request parameter, or uses the given one. It will fail if a token is found at multiple locations.

    Regards,

    Mark



  • 3.  Re: OTK retrieve

    Posted Jul 23, 2018 08:08 AM

    Thanks for the response. I understand the client sends the access token request over HTTP to the API which is being invoked. But I didn't understand the following part: "uses the given one. It will fail if a token is found at multiple locations".



  • 4.  Re: OTK retrieve
    Best Answer

    Broadcom Employee
    Posted Jul 23, 2018 06:50 PM

    You can input an access token in the properties window of this assertion. That's what "given one" means. When you provide a given token, a token in the header or in the query string is not allowed.

    The main purpose of this assertion is to validate the token location; you can specify that only a token from the header (or parameter, or "given one") is allowed.

    In any case, the token cannot appear at multiple locations, the token cannot be empty, and the token cannot contain a space.
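
The location checks described in this answer, sketched as an added Python example (not OTK code and not written by the posters). It assumes the header form is `Authorization: Bearer <token>` and the parameter is named `access_token`; `locate_access_token`, `TokenLocationError` and the `allowed` argument are hypothetical names.

```python
from urllib.parse import parse_qs

class TokenLocationError(ValueError):
    """The request breaks one of the token-location rules."""

def locate_access_token(headers, query_string="", form_body="", given_token=None,
                        allowed=("header", "parameter", "given")):
    """Return (location, token), or raise TokenLocationError."""
    found = []  # every (location, token) pair seen
    # Header: assumed form "Authorization: Bearer <token>".
    for name, value in headers.items():
        if name.lower() == "authorization":
            scheme, _, rest = value.partition(" ")
            if scheme.lower() == "bearer":
                found.append(("header", rest))
    # Parameter: assumed name "access_token", in the query string or form body.
    for raw in (query_string, form_body):
        for tok in parse_qs(raw, keep_blank_values=True).get("access_token", []):
            found.append(("parameter", tok))
    # "Given one": a token configured on the check itself.
    if given_token is not None:
        found.append(("given", given_token))

    if not found:
        raise TokenLocationError("no access token found")
    if len(found) > 1:
        places = ", ".join(loc for loc, _ in found)
        raise TokenLocationError(f"token found at multiple locations: {places}")
    location, token = found[0]
    if location not in allowed:
        raise TokenLocationError(f"token location '{location}' is not allowed")
    if token == "":
        raise TokenLocationError("token is empty")
    if any(ch.isspace() for ch in token):
        raise TokenLocationError("token contains whitespace")
    return location, token

if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    print(locate_access_token({"Authorization": "Bearer abc123"}))
    try:
        locate_access_token({"Authorization": "Bearer abc123"}, "access_token=zzz")
    except TokenLocationError as err:
        print("rejected:", err)
```

Rejecting a request that carries the token in more than one place removes any ambiguity about which value later policy steps validate.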