
This policy is used to create an Authorization endpoint project, which issues an authorization grant after verifying the identity of the resource owner.

For an Authorization Code grant type request, this endpoint generates an authorization code that the client later exchanges for an access token. For an Implicit grant type request, an access token is generated directly. This endpoint is not required for the Password and Client Credentials grant types. One instance of the Authorization endpoint API project is sufficient for the entire API Management product.

Configuration


Figure 1: OAuth Auth End Policy Configuration attributes

The properties that have to be configured to use the policy are described below.

Property: Description
Access Token Expiry Time: Expiry time applied to the generated access token (select the unit from the drop-down).
Enable PKCE: Enable this to add Proof Key for Code Exchange (PKCE) protection, which binds an authorization code to the client that requested it.
Attributes

Custom attributes to be added to the access token or authorization code.

Custom attributes are embedded in the access token and can be extracted and checked at runtime.

When custom attributes are added to an authorization code, they are inherited by the access token generated from that code.

Custom attributes are returned along with the access and refresh token in JSON format.

Usage based on Grant Types

This policy is used only for Implicit and Authorization Code grant type requests.

The request to the OAuth Authorization endpoint has to be sent as a GET request constructed with the following query parameters.

Property: Description
response_type: Informs the authorization server of the desired response type (based on the chosen grant type).
redirect_uri: After completing the interaction with the resource owner, the authorization server directs the resource owner's user-agent back to the client's redirection endpoint. This redirection endpoint URI MUST be an absolute URI.

If the redirect_uri is an HTTPS URL, the certificate of the corresponding SSL-enabled server has to be added to the truststore of the browser or third-party client (for example SoapUI) that is used to invoke the OAuth Authorization endpoint.

client_id: The client identifier assigned by the authorization server when the client was registered.

Implicit

To configure OAuth authorization using the Implicit grant type, refer to the Using Implicit section.

The authorization endpoint redirects to the redirect_uri after appending the access token to it as a query parameter.

Authorization Code

To configure OAuth authorization using the Authorization Code grant type, refer to Step 1 in the Using Authorization Code section.

The authorization endpoint redirects to the redirect_uri after appending the authorization code to it as a query parameter.
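The request construction and redirect handling described above, as an added example that is not part of this documentation or the product's own code. The endpoint URL, client_id and redirect_uri are placeholder assumptions, and the example goes slightly beyond the page's parameter table: it adds the standard OAuth 2.0 state parameter, computes the S256 PKCE code_challenge for use with "Enable PKCE", and accepts the implicit-grant token from either the query string (as this page describes) or the URL fragment (as RFC 6749 specifies).

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed values: the endpoint path and client registration below are
# placeholders, not taken from the product documentation.
AUTHZ_ENDPOINT = "https://api.example.com/oauth2/authorize"
CLIENT_ID = "my-registered-client"
REDIRECT_URI = "https://client.example.com/callback"


def pkce_challenge(code_verifier: str) -> str:
    """S256 code_challenge = BASE64URL(SHA256(code_verifier)) without padding (RFC 7636)."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """High-entropy verifier kept by the client; 32 random bytes give 43 base64url characters."""
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")


def build_authorization_url(grant, client_id, redirect_uri, state,
                            code_challenge=None, endpoint=AUTHZ_ENDPOINT):
    """Build the GET request URL for the authorization endpoint."""
    parsed = urlparse(redirect_uri)
    if not (parsed.scheme and parsed.netloc):
        raise ValueError("redirect_uri must be an absolute URI")
    # response_type is dictated by the grant; only these two grants use this endpoint.
    response_types = {"authorization_code": "code", "implicit": "token"}
    if grant not in response_types:
        raise ValueError("authorization endpoint serves only implicit and authorization_code")
    params = {
        "response_type": response_types[grant],
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,  # echoed back so the client can tie the redirect to its request
    }
    if code_challenge is not None:
        if grant != "authorization_code":
            raise ValueError("PKCE applies to the authorization code grant only")
        params["code_challenge"] = code_challenge
        params["code_challenge_method"] = "S256"
    return endpoint + "?" + urlencode(params)


def parse_redirect(redirect_url, expected_state):
    """Extract the code (authorization code grant) or access_token (implicit) from the redirect."""
    parsed = urlparse(redirect_url)
    params = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    # This page delivers both values as query parameters; RFC 6749 puts the implicit
    # token in the fragment, so merge the fragment as well.
    params.update({k: v[0] for k, v in parse_qs(parsed.fragment).items()})
    if params.get("state") != expected_state:
        raise ValueError("state mismatch: response does not belong to this request")
    if "error" in params:
        raise ValueError("authorization server returned error: " + params["error"])
    if "code" in params:
        return {"grant": "authorization_code", "code": params["code"]}
    if "access_token" in params:
        return {"grant": "implicit", "access_token": params["access_token"]}
    raise ValueError("redirect carries neither code nor access_token")


if __name__ == "__main__":
    verifier = new_code_verifier()
    state = secrets.token_urlsafe(16)
    print(build_authorization_url("authorization_code", CLIENT_ID, REDIRECT_URI,
                                  state, pkce_challenge(verifier)))
    print(build_authorization_url("implicit", CLIENT_ID, REDIRECT_URI, state))
    # Constructed redirect, as the endpoint would produce it for the code grant.
    print(parse_redirect(REDIRECT_URI + "?code=SplxlOBeZQQYbYS6WxSbIA&state=" + state, state))
```

The client keeps the code_verifier and state private until the redirect arrives; the verifier is only sent later, to the token endpoint, where the server recomputes the challenge and rejects a code that was intercepted and presented by another party.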
