We have a requirement to issue an access token after doing authentication with a custom set of rules. I have built an API that performs the required authentication. Now I need to issue a token and send the response. As of now I am calling the available OAuth endpoint "https://localhost:443/auth/oauth/v2/token" from the policy internally and sending the response of that to the consumer. I think this will add some amount of latency. Instead of doing so,
can I make use of the "OTK Generate OAuth Token" assertion to generate the token and form the response? What is the best way to do it?
Please let me know if anyone has suggestions on this.
The "OTK Generate OAuth Token" assertion does not actually generate a valid token that is usable; all that EA does is initialize the UUID for the token and the refresh token. It does not persist the token to the token store for usage.
What are the requirements for authentication that you are not able to account for within the OTK User Authentication policies, allowing you to use the /auth/oauth/v2/token endpoint directly?
We do use the oauth/v2/token endpoint for most of the APIs.
But in one of the cases the consumer gets the token from an external system and passes it in a header. We are trying to validate that token by connecting to the external system via API and, if it's validated, then issue a token.
In that case one option I would explore is to use a custom grant type and embed the logic to validate the third party token in the custom grant type policy.
This is the documentation on configuring custom grant types:
Support Custom Grant Types - CA API Management OAuth Toolkit - 4.0 - CA Technologies Documentation
This documentation also shows how you can use the "OTK Token Storage (access_token, refresh_token)" assertion to persist a new token and then return it.