Nav

About Configuring an API for OAuth 2.0 Protection

Prerequisites for using the OAuth 2.0 Access Token Enforcement Using External Provider policy are:

Requirements for RAML APIs

If the API protected by the OAuth 2.0 Access Token Enforcement Using External Provider policy is defined using RAML (recommended), define RAML securitySchemes for OAuth 2.0. Within the RAML securitySchemes definition, you include URIs for the authorization and access token as shown in the example.

You specify grant types in RAML securitySchemes. The following example RAML syntax shows the authorizationGrants setting:

settings:
   authorizationUri: https://oauth2provider.cloudhub.io/authorize
   accessTokenUri:  https://oauth2provider.cloudhub.io/access_token
   authorizationGrants: [authorization_code, password, client_credentials, implicit]

Also, add the securedBy node after the method name of the resource and method you want to secure, as shown in the following snippet:

/users:
  get:
    securedBy: [oauth_2_0]

The following table shows the mapping of the RAML grant types to the grant type names in the OAuth 2.0 Access Token Enforcement Using External Provider policy configuration. 

Authorization Grant Types Defined in RAML Definition Equivalent Authorization Grant Type to Enable in the OAuth Provider Policy Supported in embedded APIkit Console?

[implicit]

Implicit

Yes

[client_credentials]

Client Credentials

No

[password]

Resource Owner Password Credentials

No

[authorization_code]

Authorization Code

Yes