5.14.7 Configuring Access Gateway for OAuth

You can configure Access Gateway to validate OAuth tokens on behalf of the resource server. If the token is not valid then Access Gateway returns the unauthorized 401 error to the client application. You can also configure Access Gateway to inject OAuth tokens on behalf of the web applications.

Configuring Access Gateway for OAuth consists of the following steps:

  1. Enabling OAuth in Access Gateway

  2. Configuring an Authorization Policy based on OAuth Scopes

  3. Configuring an Identity Injection Policy for OAuth Claims or Configuring an Identity Injection Policy for User Passwords

  4. Configuring Access Gateway to Inject OAuth Tokens