Layer7 API Management

 View Only

Client Creds ROPC.zip 

Apr 05, 2017 09:03 AM

A sample policy using the 'Retrieve OAuth 2.0 Token' Assertion with the Client Credentials and Resource Owner Password Credentials grant types.

This policy makes use of the OAuth 2.0 test clients (id/secret). 

 

For the Resource Owner Password Credentials the Resource Owner ID/PW will need to be changed to fit your environment. It is best to avoid using the text option in favor of the stored password.

This policy is provided as-is without warranty or support of any kind and intended only for guidance in using the assertion. This must not be used on production systems.

Statistics
0 Favorited
10 Views
1 Files
0 Shares
4 Downloads
Attachment(s)
zip file
Client Creds ROPC.zip   2 KB   1 version
Uploaded - May 29, 2019

Tags and Keywords

Comments

Nov 28, 2017 06:46 PM

Hi,

You can retrieve the username and password from the header using "request.http.header.<parameter>" where parameter can be username or password.

This can be passed into the "Retrieve OAuth 2.0 Token properties" -> "Resource Owner Authentication" section.

Nov 28, 2017 10:19 AM

Hi Rudra

 

Can you please let me know how did you provide Username and Password in headers ?

Apr 05, 2017 07:08 PM

Thanks for your quick response. I already made similar change and got it working yesterday.

I am using context variable for username & password  (Resource Owner Password Credentials) and getting it from the request URI parameters.

 

 

Related Entries and Links

No Related Resource entered.