A simple encapsulated assertion utilizing the Client Credentials grant type in OAuth. This should work well with our own OTK and other providers that utilize this grant.
If no values are supplied to the encapsulated assertion it will default to the OTK install and test client id/secret. If the test clients are not installed and not custom values supplied it will result in an error.
1) Import the policy (Policy manager -> Tasks -> Extensions and add-ons -> Manage Encapsulated Assertions)
2) Click the import button and browse to the XML
3) Create a new service and add the 'RetrieveOAuthToken' assertion
4) Optionally specify the client id, client secret, redirect uri, authorization server, token server and scope(s)
You will notice the authorization server is included despite not being needed with this grant type... why?
Because I hope to expand on this policy to handle the other grant types as well. I wanted to start small and help build this out.
Please feel free to share your feedback, did something not work right? something you want to improve on?