I want to mimic API Gateway as a client OAuth2.0 means gateway will act as a client to third part OAuth2.0 server.
Kindly let me know what should be taken care in gateway to avoid issues and how to store access_token,refresh _token and code to access further third part API calls.
Thanks in advance,
Dear saisuneel ,
You can use "Retrieve OAuth 2.0 Token Assertion", Retrieve OAuth 2.0 Token Assertion - CA API Management OAuth Toolkit - 3.1 - CA Technologies Documentation
If you have MAG installed, there are policy examples such as "google oauth 2.0 client", or facebook client etc.
gateway is supposed to be stateless, we don't recommend to persist the tokens. Usually gateway is not the real oauth client, there should be a real client you can return the token to. If you have to, you can persist the tokens to database (via jdbc), or remote cache.