Hello Folks,

I am trying to implement Oauth Authorization code flow on datapower. I have created Oauth objects successfully and through curl command my oauth flow is working fine.

My question is, during very first call to web token service to get access code, I am receiving an HTML page and when I save this page in ".html" format and open it in browser and click on allow button, then I will be receiving code in location header. 

Now, I have to convert this call to XSLT. So, How can I handle this scenario like after calling my web token service, posting that html page and click on allow button through xslt to receive access code

Thanks in advance. 

In XSLT, you'll have to use url-open to simulate submitting a web page by POSTing the correct information to the target URL.  In the policy rule configuration, you can use a Results action to do so.

Without further detailed information, that's the best we can give you.

------------------------------
Joseph Morgan
------------------------------

In addition to what Joseph commented earlier, do you have an option to use some other type of OAuth 2.0 flow? Authorization code flow isn't very suitable for server-to-server scenarios and thus the authorization endpoints also support other flows, for example client credentials grant flow. 

https://auth0.com/docs/get-started/authentication-and-authorization-flow/which-oauth-2-0-flow-should-i-use