
Credential Injection OAuth 2.0 Policy

Policy Name: Credential Injection OAuth 2.0

Summary: Injects an OAuth 2.0 authorization header into outgoing requests

Category: Security

First Flex Gateway version available: v1.9.0

Returned Status Codes: No return codes exist for this policy. Error codes are returned from the upstream service.

Summary

The Credential Injection OAuth 2.0 policy injects an Authorization token from an OAuth 2.0 service into a request as a header. You can use any third-party OAuth 2.0 Identity Provider (IdP), such as Okta, AWS, Azure, or Google Cloud Platform. The policy lets you inject tokens based on the OAuth 2.0 Authorization Framework into requests without registering an external IdP server in Anypoint Platform.

Configuring Policy Parameters

Flex Gateway Local Mode

In Flex Gateway Local Mode, you apply the Credential Injection OAuth 2.0 policy to your API via declarative configuration files. Refer to the following policy definition and table of parameters:

- policyRef:
    name: http-basic-authentication-flex
  config:
    oauthService: <string> # REQUIRED
    clientId: <string> # REQUIRED
    clientSecret: <string> # REQUIRED
    scope:
      - <string> # OPTIONAL
    overwrite: <boolean> # OPTIONAL
    tokenFetchTimeout: <number> # OPTIONAL
    allowRequestWithoutCredential: <boolean> # OPTIONAL

| Parameter | Required or Optional | Default Value | Description |
| --- | --- | --- | --- |
| oauthService | Required | | URL of the OAuth 2.0 service. |
| clientId | Required | N/A | Client ID. |
| clientSecret | Required | N/A | Client Secret. |
| scope | Optional | N/A | Scopes to include in the token. |
| overwrite | Optional | true | When enabled, the policy overwrites the Authorization header with a new authorization token if the header is present. |
| tokenFetchTimeout | Required | 10 | Time in seconds to wait for the service to return the token. |
| allowRequestWithoutCredential | Required | false | When enabled, if the policy can’t retrieve the token, Flex Gateway still sends the request. |

Resource Configuration Example

- policyRef:
    name: http-basic-authentication-flex
  config:
    oauthService: https://oauth-server/tokens
    clientId: id
    clientSecret: secret
    scope:
      - user
    tokenFetchTimeout: 20
    allowRequestWithoutCredential: true
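
The parameter descriptions above imply a few settings worth checking before a configuration is deployed. The following Python check is an added example, not MuleSoft code; the function name audit_policy_config, the severity labels and the second sample configuration are assumptions made here, and it expects the policy's config block already parsed into a dict.

```python
from urllib.parse import urlparse

REQUIRED = ("oauthService", "clientId", "clientSecret")

def audit_policy_config(config):
    """Return (severity, parameter, message) findings for one parsed
    Credential Injection OAuth 2.0 `config` mapping."""
    findings = []
    for key in REQUIRED:
        if not config.get(key):
            findings.append(("error", key, "required parameter missing or empty"))

    service = config.get("oauthService")
    if service:
        url = urlparse(str(service))
        if url.scheme != "https" or not url.netloc:
            findings.append(("high", "oauthService",
                "not an https:// URL; clientId, clientSecret and the token "
                "would cross the network unencrypted"))

    # Page default is false. When true, the page says Flex Gateway still
    # sends the request if the token can't be retrieved.
    if config.get("allowRequestWithoutCredential", False) is True:
        findings.append(("high", "allowRequestWithoutCredential",
            "fail-open: request is still sent when no token was retrieved"))

    # Page default is true. Assumption: with overwrite disabled, an
    # Authorization header already on the request is left in place.
    if config.get("overwrite", True) is False:
        findings.append(("medium", "overwrite",
            "an existing Authorization header is not replaced"))

    timeout = config.get("tokenFetchTimeout", 10)  # seconds, page default 10
    if isinstance(timeout, bool) or not isinstance(timeout, (int, float)) or timeout <= 0:
        findings.append(("error", "tokenFetchTimeout",
            "must be a positive number of seconds"))
    return findings

# The page's Resource Configuration Example, as a parsed mapping.
PAGE_EXAMPLE = {"oauthService": "https://oauth-server/tokens", "clientId": "id",
                "clientSecret": "secret", "scope": ["user"],
                "tokenFetchTimeout": 20, "allowRequestWithoutCredential": True}
# Constructed sample with several weak settings (not from the page).
WEAK_SAMPLE = {"oauthService": "http://idp.example.test/token", "clientId": "id",
               "overwrite": False, "tokenFetchTimeout": 0}

if __name__ == "__main__":
    for name, cfg in (("page example", PAGE_EXAMPLE), ("weak sample", WEAK_SAMPLE)):
        for severity, param, message in audit_policy_config(cfg):
            print(f"{name}: [{severity}] {param}: {message}")
```

Run against the Resource Configuration Example, the check reports one finding: allowRequestWithoutCredential is set to true, so a token-fetch failure lets the request reach the upstream service without a credential.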

Flex Gateway Connected Mode

When you use the UI to apply the Credential Injection OAuth 2.0 policy to your API, you can configure the following parameters:

| Parameter | Description | Required? |
| --- | --- | --- |
| OAuth 2.0 service URL | URL of the OAuth 2.0 service. | Required |
| Client ID | Client ID. | Required |
| Client secret | Client Secret. | Required |
| Scope | Scopes to include in the token. | Optional |
| Overwrite header | When enabled, the policy overwrites the Authorization header with a new authorization token if the header is present. | Required |
| Token fetch timeout | Time in seconds to wait for the service to return the token. | Required |
| Allow request without credential | When enabled, if the policy can’t retrieve the token, Flex Gateway still sends the request. | Required |