Layer7 API Management


Client Creds 

Apr 05, 2017 09:03 AM

A sample policy using the 'Retrieve OAuth 2.0 Token' Assertion with the Client Credentials and Resource Owner Password Credentials grant types.

This policy makes use of the OAuth 2.0 test clients (id/secret). 


For the Resource Owner Password Credentials grant, the resource owner ID and password will need to be changed to fit your environment. It is best to avoid the text option for the password and use the stored password instead.

This policy is provided as-is, without warranty or support of any kind, and is intended only as guidance in using the assertion. It must not be used on production systems.

Attachment: Client Creds (zip file, 2 KB, 1 version)
Uploaded - May 29, 2019
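
For reference, this is what the two grant types named in the description look like as RFC 6749 token requests, with every credential carried in the Authorization header or the POST body rather than the URL. It is an added Python example, not part of the uploaded policy and not Layer7 code; the function name, endpoint URL and all credential values are constructed placeholders.

```python
import base64
from urllib.parse import quote_plus, urlencode, urlsplit
from urllib.request import Request


def _basic_auth(client_id, client_secret):
    # RFC 6749 section 2.3.1: form-urlencode id and secret, then Base64 "id:secret".
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def build_token_request(token_url, client_id, client_secret, grant_type,
                        username=None, password=None, scope=None):
    """Build (but do not send) a token request for one of the two grants."""
    if urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must be reached over https")

    form = {"grant_type": grant_type}
    if grant_type == "password":
        # Resource Owner Password Credentials grant (RFC 6749 section 4.3).
        if not username or not password:
            raise ValueError("password grant needs a username and a password")
        form["username"] = username
        form["password"] = password
    elif grant_type != "client_credentials":
        # Client Credentials grant (section 4.4) is the only other one handled.
        raise ValueError(f"unsupported grant type: {grant_type}")
    if scope:
        form["scope"] = scope

    headers = {
        "Authorization": _basic_auth(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    # The credentials travel in the body; the URL is left exactly as given.
    body = urlencode(form).encode("ascii")
    return Request(token_url, data=body, headers=headers, method="POST")


if __name__ == "__main__":
    # Constructed values for illustration only.
    req = build_token_request("https://gateway.example.test/token",
                              "test-client-id", "test-client-secret",
                              "password", username="alice", password="p@ss word")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```
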



Nov 28, 2017 06:46 PM


You can retrieve the username and password from the header using "request.http.header.<parameter>" where parameter can be username or password.

This can be passed into the "Retrieve OAuth 2.0 Token properties" -> "Resource Owner Authentication" section.

Nov 28, 2017 10:19 AM

Hi Rudra


Can you please let me know how you provided the username and password in headers?

Apr 05, 2017 07:08 PM

Thanks for your quick response. I already made similar change and got it working yesterday.

I am using context variables for username & password (Resource Owner Password Credentials) and getting them from the request URI parameters.


