Layer7 API Management


Retrieve OAuth 2.0 Token Assertion sample policy 

Mar 03, 2017 09:21 AM

A sample policy using the 'Retrieve OAuth 2.0 Token' Assertion with the Authorization Code grant type.

This policy makes use of the OAuth 2.0 test clients (id/secret). 

 

1. Create a new endpoint on your gateway (e.g. /redirect)

2. Import the sample policy

3. Edit the OAuth2Client test client and change the callback URL to the endpoint created in step 1

4. Access the endpoint via browser (e.g. https://gateway.com:8443/redirect)

 

An HTML response will be received with your token.

 

This policy is provided as-is, without warranty or support of any kind, and is intended only for guidance in using the assertion. It must not be used on production systems.

Attachment(s)
zip file
Retrieve_OAuth_2.0_Token_Sample.zip   1 KB   1 version
Uploaded - May 29, 2019


Comments

Jul 25, 2018 12:08 AM

Hi,

 

The assertion I am talking about is "RetrieveOAuth2Token", which comes with the MAG installation. I can see all the other Grant_Type in the drop down of this assertion except "SAML Grant_Type".

I was trying to use this custom assertion to enable SAML OAuth2 handshake to generate token based on SAML bearer token in input request.

 

Meanwhile, I have found another way by modifying the OTK policies to make it work.

Jul 10, 2018 12:25 PM

Hi!

I am not sure if I understand your desired flow. Requiring an oauth token is usually used at an oauth protected API, independent of a grant_type. Have you got more details about your case?

Jul 09, 2018 11:21 PM

dasjo02

 

Is there any way to use the "retrieveOauth2 Token" assertion for Grant_Type: SAML? I don't see any option to select this Grant type.

I have made the required changes to OTK policies to enable SAML grant type and now need to use this assertion to generate Oauth Token.

Nov 28, 2017 12:40 PM

I have recently added a blog post about available variables when using "OTK Require OAuth 2.0 Token". Please check it out, it may also help:

Tip of the week: protecting APIs using OAuth / OTK 

Nov 16, 2017 09:45 AM

MAG (Mobile API Gateway) is a separate component that must be purchased.

You can read more about MAG here to see if it fits your needs: Mobile API Gateway Home - CA Mobile API Gateway - 4.0 - CA Technologies Documentation 

Nov 14, 2017 06:51 AM

What is MAG and where can I download it?

I have SSG 9.2 with Oauth2 4v installed.

May 04, 2017 09:18 AM

Hi karpa08,

 

I just tested the 3 sample policies on OTK 4.0 (GW 9.2, MAG 4.0) without issue. If you are running into problems, please post a new question on communities with the error and I will be happy to look into it further.

 

Regards,

Joe

May 04, 2017 04:25 AM

Hello Joe,

 

Thanks for the contribution here. Does the sample policy that you provided work with OTK 4.0? I tried it alongside Gateway 9.2 and MAG 4.0 but without success.

 

Regards,

 

Panagiotis

Apr 05, 2017 09:04 AM

Samples of Client Credentials and Resource Owner Password Credentials grants can be found here:

 

Client Creds ROPC.zip 

 

Regards,

Joe

Apr 05, 2017 08:53 AM

Hi Rudra,

 

Depending on your needs (and level of trust with the client app) you can use the Client Credentials or Resource Owner Password Credentials grant types.

I will upload some samples for you.

 

Regards,

Joe

Apr 04, 2017 09:46 PM

Hi All,

 

Thanks for your response. I got MAG installed and it is working now.

This is good for testing the OAuth2 using web form/login page, but is there any way to make it work for Mobile apps?

Mobile Apps don't need to have a login page presented for the first time login, to get a token. 

Mar 14, 2017 10:50 AM

You also need a valid MAG license installed to be able to use this assertion. Because it comes with MAG it needs a MAG license :-)

 

Regards

Steffen

Mar 14, 2017 08:23 AM

Hi Rudra,

 

Is it showing disabled or 'Unknown assertion' as seen below? The assertion is actually installed as part of MAG (Mobile API Gateway), I suspect you may not have that installed.

 

 

Regards,

Joe

Mar 13, 2017 10:37 PM

Hi,

 

I imported the policy into CA API gateway policy manager 9.2.0 with OTK 3.6 installed.

But after importing the policy, it is showing assertion "RetrieveOAUTH2Token" as disabled.

How to get this enabled? Do I have to request this assertion from CA?

 

Thanks,

Rudra Singh

Mar 03, 2017 02:25 PM

Thanks @dasjo02, seeing numerous requests for this type of example. 
