Layer7 API Management

Expand all | Collapse all

otk Oauth 2.0 Token Validation

  • 1.  otk Oauth 2.0 Token Validation

    Posted 10-03-2018 11:18 AM

    I have setup 4.2 otk and using gateway 9.3 , I have generated access token for client credentials grant type by using auth/oauth/v2/token. After genearting token , now i want to validate token is it correct or not i am trying to use OTK OAuth 2.0 Token Validation - Bearer assertion to check is token correct or not but i not able to do that.

    I want to know is i am using right assertion or not if not help me which assertion i have to used and if is right how to use this assertion ?

     

    I have tried this assertion OTK Require OAuth 2.0 Token , till i know this assertion only check is there any token value in header in incoming request but it does not know it is right or wrong so help me that my underdstanding is right or wrong ?



  • 2.  Re: otk Oauth 2.0 Token Validation

    Broadcom Employee
    Posted 12-10-2018 06:35 PM

    Good afternoon,

     

    Were you able to resolve the issue? What was the final result?

     

    Sincerely,


    Stephen Hughes
    Broadcom Support



  • 3.  Re: otk Oauth 2.0 Token Validation

    Broadcom Employee
    Posted 10-04-2018 09:18 AM

    Hi Parag.dabhade,

     

    This document details the required parameters for each grant type:

     

    OAuth Request Scenarios - CA API Management OAuth Toolkit - 4.3 - CA Technologies Documentation 

     

    The authorization code and implicit grant types make use of the /auth/oauth/v2/authorize and /auth/oauth/v2/token endpoints.

     

    i.e.

    Implicit Grant

     

    GET https://ssg:8443/auth/oauth/v2/authorize HTTP/1.1
    Content-Type: application/x-www-form-urlencoded

     

    response_type=token&client_id=54f0c455-4d80-421f-82ca-9194df24859d

     

    Let me know if you have questions regarding the usage in the docs.

     

    Regards,

    Joe



  • 4.  Re: otk Oauth 2.0 Token Validation

    Broadcom Employee
    Posted 10-03-2018 12:04 PM

    Hi Parag,

     

    The OTK Require OAuth 2.0 Token assertion will protect the endpoint with OAuth and also does validation.

    You can create some simple logic like this to see the validation error returned

     

     

    Where the return template response will contain the ${error.msg} variable exposed by the Require oauth assertion.

    In the case of a missing or expired/revoked token you will get this result

     

     

    Regards,

    Joe



  • 5.  Re: otk Oauth 2.0 Token Validation

    Broadcom Employee
    Posted 10-08-2018 08:24 AM

    Hi,

    Did the answers on this thread answered your question? If it did please mark it as the right answer.
    When your question is not answered or you still have additional questions please let us know.

    With Kind Regards
    Dirk



  • 6.  Re: otk Oauth 2.0 Token Validation

    Posted 10-04-2018 04:48 AM

    Hello dasjo02

     

    Thanks for confirmation we will use OTK Require OAuth 2.0 Token to validate token.

     

    Can you also help me in which are required parameter for generating access token from /auth/oauth/v2/token for different grant types.

    I know about client_credentials i don't know about authorization_code,resource_owner and implicit grant type.

     

    Please help me with which are required parameter for above mentions grant types.



  • 7.  Re: otk Oauth 2.0 Token Validation

    Posted 10-09-2018 01:41 AM

    Hi ,

     

    Working on same , testing different grant types once all testing done will mark answer as a right answer.