This policy is used to create an Authorization end point project to generate authorization grant after verifying the identity of resource owner.
In case of Authorization Code grant type request, this end point will generate an authorization code which client can use to obtain an access token. If the request is Implicit grant type, an access token is generated directly. This end point is not required for Password and Client Credentials grant types. Only one instance of Authorization end point API project is sufficient for entire API Management Product.
Configuration
Figure 3: OAuth Auth End Policy Configuration attributes
The property that has to be configured to use the policy are described below.
Property | Description |
---|---|
Access Token Expiry Time | Provide required expiry time to the generated access token. |
The Request for OAuth Authorization End Point has to be constructed with the following query parameters using GET
Property | Description |
---|---|
response _type | The authorization server is informed of the desired grant type using this parameter |
redirect_uri | After completing the interaction with the resource owner, the authorization server directs the resource owner's user-agent back to the client's redirection endpoint. This redirection endpoint URI MUST be an absolute URI. |
If the grant type is Implicit:
- response_type: This parameter is REQUIRED. Value must be set to 'token'
- client_id: This parameter is REQUIRED. Value generated from Client Subscription
- redirect_uri: Provide valid redirection URI
The authorization endpoint redirects to the redirect_uri after adding an access token as a query parameter to it.
If the grant type is Authorization Code:
- response_type: This parameter is REQUIRED. Value must be set to 'code'
- client_id: This parameter is REQUIRED. Value generated from Client Subscription
- redirect_uri: Provide valid redirection URI
The authorization endpoint redirects to the redirect_uri after adding an authorization code as a query parameter to it.