Access Gateway injects the Access token on behalf of web applications

This configuration is used when Access Gateway injects access tokens into the authorization header.

Figure 5-22 The following diagram illustrates the workflow:

  1. The user sends request to access a web application protected by Access Gateway.

  2. Access Gateway redirects the user to Identity Server, which prompts for user authentication.

  3. On successful authentication, Access Gateway shares the session details with Identity server to fetch the OAuth token.

  4. Identity server authenticates the session details and issues an access token to Access Gateway.

  5. Access Gateway injects the access token into the authorization header.