-


Third Party oAuth Providers


 A third party provides the OAuth token presented by a client application. API Connect must determine if the token is valid and either allow or disallow API access.
Add caption
The exchange proceeds as follows.
1. The client application requests an OAuth token from the third party OAuth provider. The provider requires credentials from the client, which are validated by the third party provider. The client obtains a token.
2. The client application sends an API access request to an endpoint managed by API Connect. This request must contain the OAuth token and an API Connect Application ID (and perhaps an optional Secret). API Connect Application ID is used to identify the application to API Connection, it is used for quota enforcement and optional auditing.
The application can provide the credential that APIc needs for 3rd party OAuth provider, by including an x-introspect-basic-authorization header in the request.
If the client does not have a valid API Connect Client ID, it may be necessary to use an intermediary utility to provide this credential. This intermediary could be a script running on API Connect.
3. API Connect must verify the OAuth token. API Connect can take one of two possible actions.
a. if the OAuth token is in JSON Web Token format, API Connect can utilize JWT Validate policy to verify the access token
b. if the OAuth token is an opaque token format, API Connect can contact the issuing third party OAuth provider to verify the token


Comments

Post a Comment

Popular posts from this blog

-
Node Js Non-Blocking IO Overview of Blocking vs Non-Blocking This overview covers the difference between  blocking  and  non-blocking  calls in Node.js. This overview will refer to the event loop and libuv but no prior knowledge of those topics is required. Readers are assumed to have a basic understanding of the JavaScript language and Node.js  callback pattern . "I/O" refers primarily to interaction with the system's disk and network supported by  libuv . Blocking Blocking  is when the execution of additional JavaScript in the Node.js process must wait until a non-JavaScript operation completes. This happens because the event loop is unable to continue running JavaScript while a  blocking  operation is occurring. In Node.js, JavaScript that exhibits poor performance due to being CPU intensive rather than waiting on a non-JavaScript operation, such as I/O, isn't typically referred to as  blocking . Synchronous methods in t...
Read more
-
Python for Everyone Course  Link :  http://www.py4inf.com/ Book with all materials and lessons :  https://www.py4e.com/ PPTS :
Read more
-
Geoserver Print Module Geoserver print process involves two steps. First at the  server side , you have to configure your yaml file, called config.yaml. Go through the detailed documentation at  MapFish print module documentation page . Once this done, the second step is for  client side . Considering you are using openlayers for your front-end, in order to get the list of visible layers, you will need a simple loop with visibility check, e.g. var layers = "" ; for ( var i = 0 ; i < map . layers . length ; i ++) { if ( map . layers [ i ]. visibility == true ){ //get a string of visible layers layers = layers + map . layers [ i ]. name + ',' } } //remove the trailing ',' layers = layers . slice ( 0 , - 1 ); var maptitle = "This is the map title" ; var mapcomment = "This is the map comment" var printurl = "http://host:post/geoserver/pdf/print.pdf?spec={" units ...
Read more