Layer7 API Management

Client Creds 

04-05-2017 09:03 AM

A sample policy using the 'Retrieve OAuth 2.0 Token' Assertion with the Client Credentials and Resource Owner Password Credentials grant types.

This policy makes use of the OAuth 2.0 test clients (id/secret). 


For the Resource Owner Password Credentials grant, the Resource Owner ID/PW will need to be changed to fit your environment. It is best to use the stored password option rather than the text option.

This policy is provided as-is without warranty or support of any kind and intended only for guidance in using the assertion. This must not be used on production systems.

1 Files
zip file
Client Creds   2 KB   1 version
Uploaded - 05-29-2019

11-28-2017 06:46 PM


You can retrieve the username and password from the header using "request.http.header.<parameter>" where parameter can be username or password.

This can be passed into the "Retrieve OAuth 2.0 Token properties" -> "Resource Owner Authentication" section.

11-28-2017 10:19 AM

Hi Rudra


Can you please let me know how you provided the Username and Password in headers?

04-05-2017 07:08 PM

Thanks for your quick response. I already made similar change and got it working yesterday.

I am using a context variable for username & password (Resource Owner Password Credentials) and getting it from the request URI parameters.


