Layer7 API Management

Gateway as a OAuth2.0 Client

  • 1.  Gateway as a OAuth2.0 Client

    Posted 08-31-2017 01:32 PM



    I want to mimic the API Gateway as an OAuth 2.0 client, meaning the gateway will act as a client to a third-party OAuth 2.0 server.

    Kindly let me know what should be taken care of in the gateway to avoid issues, and how to store the access_token, refresh_token and code to access further third-party API calls.


    Thanks in advance,




  • 2.  Re: Gateway as a OAuth2.0 Client
    Best Answer

    Broadcom Employee
    Posted 09-11-2017 10:25 PM

    Dear saisuneel,

    You can use "Retrieve OAuth 2.0 Token Assertion" (Retrieve OAuth 2.0 Token Assertion - CA API Management OAuth Toolkit - 3.1 - CA Technologies Documentation).


    If you have MAG installed, there are policy examples such as "google oauth 2.0 client", or the Facebook client, etc.


    The gateway is supposed to be stateless; we don't recommend persisting the tokens. Usually the gateway is not the real OAuth client; there should be a real client you can return the token to. If you have to, you can persist the tokens to a database (via JDBC) or a remote cache.