Hello,
Can you supply more on your requirement of why you need this? Out of the box, all clients are allowed to call for any enabled grant_type, or you can specify the grant_types allowed for each client.
Are you looking to restrict all clients or just one specific client from calling a specific grant_type?
Which grant_type are you looking to restrict?
Once I understand exactly what you are looking for I can provide better guidance.
Thanks
Barry
Original Message:
Sent: 02-01-2021 01:38 PM
From: Sanjeev Yadav
Subject: Need Custom Implementation of oauth token
Hi Barry,
Thanks for your help. I want to restrict a particular grant_type only (restrict_grantType), & all other grant_types will be allowed; what should I then mention in the custom_field? Can you please give me the custom_field you showed, in a file as an attachment to me?
Regards,
Sanjeev
Original Message:
Sent: 02-01-2021 11:35 AM
From: BARRY STERN
Subject: Need Custom Implementation of oauth token
Hi Sanjeev,
As discussed above, only Public clients can make calls without specifying the client_secret. If you further want to restrict the grant_types a client is allowed to call, you can do this using the OTK openid registration:
https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-management-oauth-toolkit/4-4/openid-connect-implementation/dynamic-registration.html
When you register the client in oauth/manager, make sure you include the openid scope, and you can specify the list of grant_types the client is allowed to call in the openid JSON: .openid_registration.response.grant_types
//Screenshot of a client_key specifying grant_types this client is allowed to call.
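The gating described in the message above (a public client calling /oauth/token without a client_secret, plus a per-client list of permitted grant_types), as an added example that is not part of the original thread and is not OTK policy code. The registry layout, client ids, secret and the function name `check_token_request` are assumptions made for illustration; the error codes are the standard ones from RFC 6749 section 5.2.

```python
import hmac

# Constructed registry. Field names follow RFC 7591 client metadata and are
# assumptions, not the OTK database schema; ids and the secret are made up.
CLIENTS = {
    "spa-public-01": {"type": "public", "secret": None,
                      "grant_types": ["authorization_code", "refresh_token"]},
    "batch-conf-01": {"type": "confidential", "secret": "constructed-secret",
                      "grant_types": ["client_credentials"]},
}
# Grants enabled server-wide (the "out of the box" set in this sketch).
ENABLED_GRANTS = {"authorization_code", "refresh_token",
                  "client_credentials", "password"}


def check_token_request(params, clients=CLIENTS):
    """Gate a /oauth/token request; return (http_status, oauth_error_or_None)."""
    grant = params.get("grant_type")
    if not grant or not params.get("client_id"):
        return 400, "invalid_request"
    client = clients.get(params["client_id"])
    if client is None:
        return 401, "invalid_client"
    if client["type"] == "confidential":
        # Confidential clients must authenticate; compare in constant time.
        supplied = (params.get("client_secret") or "").encode()
        if not hmac.compare_digest(supplied, client["secret"].encode()):
            return 401, "invalid_client"
    if grant not in ENABLED_GRANTS:
        return 400, "unsupported_grant_type"
    # Per-client allowlist: the grant must be registered for this client.
    if grant not in client["grant_types"]:
        return 400, "unauthorized_client"
    # RFC 6749 section 4.4: client_credentials is for confidential clients only,
    # so a secretless public client must never obtain a token this way.
    if grant == "client_credentials" and client["type"] != "confidential":
        return 400, "unauthorized_client"
    return 200, None
```

The last check matters for the request in this thread: a token call carrying only grant_type and client_id is acceptable for grants that bring their own proof (such as an authorization code), but not for client_credentials, where the secret is the only authentication.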
Original Message:
Sent: 01-29-2021 10:13 PM
From: Sanjeev Yadav
Subject: Need Custom Implementation of oauth token
Hi,
Is there anyone who can help here? Need to call /oauth/token with only Grant_Type & Client_ID. Client_Secret should not be used, & for a particular grant_type the request will not proceed further.
Regards,
Sanjeev
Original Message:
Sent: 01-27-2021 09:06 AM
From: Sanjeev Yadav
Subject: Need Custom Implementation of oauth token
Hi Barry,
Got it. Now I want to restrict it for a particular grant_type for this. For a particular grant_type the oauth call will not be processed; how do I implement it for /oauth/token? Please assist.
Regards,
Sanjeev
Original Message:
Sent: 01-26-2021 04:16 PM
From: BARRY STERN
Subject: Need Custom Implementation of oauth token
Hello,
You can find details regarding registering clients using the OAuth Manager here:
https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-management-oauth-toolkit/4-4/registering-clients-with-the-oauth-manager.html
When registering, specify the client type as public; only public clients can generate tokens without specifying a client secret.
Original Message:
Sent: 01-26-2021 01:17 PM
From: Sanjeev Yadav
Subject: Need Custom Implementation of oauth token
Hi Barry,
Thanks for your reply. Can you kindly provide the detailed steps on where & how I need to implement this? Will it impact the other APIs also? Kindly provide details. I am new to Layer 7.
Regards,
Sanjeev
Original Message:
Sent: 01-26-2021 10:55 AM
From: BARRY STERN
Subject: Need Custom Implementation of oauth token
Hello,
The client needs to be registered as a public client to issue a token without specifying client_secret.
Original Message:
Sent: 01-25-2021 01:52 PM
From: Sanjeev Yadav
Subject: Need Custom Implementation of oauth token
Need to call /oauth/token with only Grant_Type & Client_ID. Client_Secret should not be used. How do I customize the oauth policy for a particular API so that only Grant_Type & Client_ID can be used to generate the token, not the Client_Secret?
Please give me a very low-level explanation to implement this ASAP.
Regards,
Sanjeev