Dear Bob,
Is the gateway working as an OAuth authentication server?
If yes, you don't need an extra policy, as the OTK implements the OAuth server. You just need to create an OAuth client (usually an OAuth client for an app); the app (OAuth client) calls the OTK authentication API, retrieves the OAuth token after authentication, and then calls the gateway API with the token (in the gateway API, use the "OTK Require OAuth 2.0 Token" assertion to validate the token).
You may refer to the OTK documentation for more details:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-management-oauth-toolkit/4-3/registering-clients-with-the-oauth-manager.html
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-management-oauth-toolkit/4-3/apis-and-assertions.html
If you installed the OAuth test client while installing the OTK, it will be a good example of using the OTK APIs for different OAuth flows:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-management-oauth-toolkit/4-3/installation-workflow/verify-the-installation/run-the-oauth-2-0-test-client.html
If you are not using OTK as the OAuth server, but authenticate against a 3rd party OAuth server, you may refer to the documentation/specification of the OAuth server on how to perform OAuth authentication.
Regards,
Mark
Original Message:
Sent: 03-11-2020 05:39 PM
From: Robert Kohler
Subject: Sample policy for GW to reach a remote Oauth protected API
We use ver 9.4 and OTK.
We have implemented an Authorization fragment to authenticate OAuth2 access to our APIs.
We also have to post to third-party APIs from the GW, but I have not been able to figure that out or find an example.
Can someone please help with a sample implementation or point me in the right direction?
Bob Kohler