| description |
|---|
This page provides the technical details of the Generic OAuth2 Authorization Server |
The Generic OAuth2 Authorization Server resource is defined to introspect an access_token generated by a generic OAuth2 authorization server.
This resource integrates with common authorization servers by providing a comprehensive configuration with which to apply token introspection.
The following is the compatibility matrix for APIM and the Generic OAuth2 Authorization Server resource:
| Plugin version | APIM version |
|---|---|
| 2.x+ | 3.18.x+ |
| 1.16.x+ | 3.10.x to 3.17.x |
| Up to 1.15.x | Up to 3.9.x |
This resource can be configured with the following options:
| Property | Required | Description | Type | Default |
|---|---|---|---|---|
| introspectionEndpoint | X | The URL which is used by the resource to introspect an incoming access token. | string | - |
| useSystemProxy | X | TUse system proxy. | boolean | false |
| introspectionEndpointMethod | X | HTTP method used to introspect the access token. | HTTP Method | GET |
| clientId | X | The client identifier. | string | - |
| clientSecret | X | The client secret. | string | - |
| useClientAuthorizationHeader | - | To prevent token scanning attacks, the endpoint MUST also require some form of authorization to access this endpoint. In this case we are using an HTTP header for client authentication. | boolean | true |
| clientAuthorizationHeaderName | - | Authorization header. | string | Authorization |
| clientAuthorizationHeaderScheme | - | Authorization scheme. | string | Basic |
| tokenIsSuppliedByQueryParam | - | Access token is passed to the introspection endpoint using a query parameter. | boolean | true |
| tokenQueryParamName | - | Query parameter used to supply access token. | string | token |
| tokenIsSuppliedByHttpHeader | - | Access token is passed to the introspection endpoint using an HTTP header. | boolean | false |
| tokenHeaderName | - | HTTP header used to supply access token. | string | - |
{
"configuration": {
"introspectionEndpoint": "https://my_authorization_server/oauth/check_token",
"introspectionEndpointMethod": "POST",
"clientAuthorizationHeaderName": "Authorization",
"clientAuthorizationHeaderScheme": "Basic",
"clientId": "my-client",
"clientSecret": "f2ddb55e-30b5-4a45-9db5-5e30b52a4574",
"tokenIsSuppliedByHttpHeader": false,
"tokenIsSuppliedByQueryParam": true,
"tokenQueryParamName": "token",
"useClientAuthorizationHeader": true
}
}