Creating a Third-Party OAuth Provider

By KETKI THAKRE posted Tue November 16, 2021 06:50 PM

  


*This post was originally published on 12 February 2019.

A Third-Party OAuth provider object provides settings to issue and validate tokens in order to protect access to the API. 

API Connect v2018 supports two types of OAuth provider resources. This blog focuses on the third-party OAuth provider. My blog NativeOAuth covers the native OAuth provider.

To create a third-party OAuth provider object in the Cloud Manager or API Manager, select the Resources tab on the left navigation bar. Under Resources, select OAuth provider and click Add > Third party OAuth provider.

Step 1: Basic Info

The first step in the wizard requires you to fill out the basic details for your OAuth provider object.



Enter your OAuth provider object title and select the grant type. 

Grant types:

There are four supported grant types:

  • Implicit - An access token is returned immediately without an extra authorization code exchange step.
  • Application - Application to application. Corresponds to the OAuth grant type "Client Credentials." Does not require User Security.
  • Access code - An authorization code is extracted from a URL and exchanged for an access code. Corresponds to the OAuth grant type "Authorization Code."
  • Resource owner password - The user's username and password are exchanged directly for an access token, so it can only be used by first-party clients.



Gateway type:

DataPower Gateway refers to the APIC V5x framework (compatibility mode), and DataPower API Gateway refers to the new framework, which uses the API Gateway object. Select the DataPower version of your choice for the gateway and click `Next`.

Step 2: Endpoints
Specify endpoint settings for the third-party OAuth provider.

  • Authorization URL - Where the client application obtains an authorization grant.
  • Token URL - Where the client application exchanges an authorization grant for an access token.
  • Introspection URL - Where the API gateway validates the access tokens that are issued by the third-party provider.
  • TLS profile - The TLS profile for communicating with the third-party provider. This field is optional.


Once you have finished adding the required endpoints, click `Next`.
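
To make the role of the Introspection URL concrete, here is an added example (not part of the original post, and not API Connect's gateway code) of a generic RFC 7662 introspection request and a fail-closed check of the response. The endpoint URL, client credentials and sample responses are constructed, and HTTP Basic client authentication to the endpoint is an assumption.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Hypothetical endpoint for illustration; use the provider's real Introspection URL.
INTROSPECTION_URL = "https://idp.example.com/oauth2/introspect"

def build_introspection_request(token, client_id, client_secret, url=INTROSPECTION_URL):
    """Build the RFC 7662 POST a resource server sends to validate a token."""
    if not url.lower().startswith("https://"):
        raise ValueError("introspection must go over TLS")
    body = urllib.parse.urlencode({"token": token, "token_type_hint": "access_token"})
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        url, data=body.encode(), method="POST",
        headers={"Authorization": f"Basic {basic}",  # assumed client auth scheme
                 "Content-Type": "application/x-www-form-urlencoded"})

def evaluate_introspection(status, raw_body, now=None):
    """Return (allowed, detail); anything unexpected is treated as a rejection."""
    now = time.time() if now is None else now
    if status != 200:
        return False, f"introspection endpoint returned HTTP {status}"
    try:
        claims = json.loads(raw_body)
    except (ValueError, TypeError):
        return False, "response is not JSON"
    if not isinstance(claims, dict) or claims.get("active") is not True:
        return False, "token is not active"  # missing, false, or the string "true"
    exp = claims.get("exp")
    if exp is not None and (not isinstance(exp, (int, float)) or exp <= now):
        return False, "token is expired"
    return True, set(str(claims.get("scope", "")).split())

# Constructed sample responses (not captured from a real provider).
SAMPLES = {
    "valid":   (200, b'{"active": true, "scope": "read write", "exp": 2000000000}'),
    "revoked": (200, b'{"active": false}'),
    "string":  (200, b'{"active": "true", "scope": "read"}'),
    "expired": (200, b'{"active": true, "exp": 1000}'),
    "error":   (401, b'{"error": "invalid_client"}'),
}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        print(name, evaluate_introspection(status, body, now=1_700_000_000))
```

Only the first constructed response is accepted; the others show why the check compares `active` to the JSON boolean `true` and rejects on any non-200 status.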

Step 3: Scopes

The scopes listed here help developers understand what they are allowed to access; they do not take effect for the scope check.


Sample scopes are added by default. You may choose to modify these scope names/descriptions or add more scopes.

Once you have finished adding the desired scopes, click `Next`.

Step 4: Summary
The Summary page lets you review your changes and go back to make further changes if necessary.

 

If everything looks good, click `Finish` and your third-party OAuth provider object will be created.

You can view the list of your OAuth providers in the Resources tab. To view or change an OAuth provider, click the corresponding OAuth provider object.

