IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

View Only

Back to discussions

Expand all | Collapse all

OAUTH

1. OAUTH

Like
Raghavendra Gorkal
Posted 14 hours ago

Reply
We are making an API call from our app to ISAM authentication policy inorder to perform MFA. Since its a server to server communication, we are securing it through oauth. The app is going to pass a bearer token when they make this API call. Is it best to write an authz rule to validate the bearer token or we can enable oauth-eas and use introspection config to validate the bearer token?

Note: This api call will be used for our forgot password scenario, so the user is not authenticated during the process.

------------------------------
Raghavendra Gorkal
------------------------------

IBM Verify

IBM Verify

OAUTH

1. OAUTH

Additional
Resources

Office

Quick Links

IBM Verify

IBM Verify

OAUTH

1. OAUTH

Related Content

OAuth: API Gateways and ISAM

ISAM: Understanding OAuth introspection authorization

Protect your APIs using WebSEAL and Cloud Identity

OAuth: JWT as an Access Token

WebSEAL: Using OAuth scope to limit access to APIs

Additional Resources

Office

Quick Links

Additional
Resources