Exceptions to this are the native User Profile and Consent Management Services that are enforced by OAuth Services. The options for validation within the Oracle stack are Oracle API Gateway (OAG) and Oracle Web Services Manager. (An OAG filter validates the Oracle Access Management OAuth Services token before allowing access to the resource.) Custom code can also be written to provide access control.
Note:
WebGates do not support validating access tokens.