Contents

Title and Copyright Information

Preface

• Audience
• Documentation Accessibility
• Related Documents

1 OAuth and Services Gatekeeper

• About Services Gatekeeper Support for OAuth Authentication Server
• OAuth 2.0 Concepts
  • Terminology
  • Entities and Relationships
  • Protocol Endpoints
• Services Gatekeeper Mapping of OAuth
  • OAuth Terminology Mapping to Services Gatekeeper
  • Endpoints Mapping
  • Scope-resource-Communication Service Mapping
  • OAuth Protection for APIs Involving Multiple Resource owners
• Compliance
  • Supported Communication Services
  • Supported OAuth Server Roles
  • Supported Authorization Grant Types
  • Extension Grant Flows Enabled Through Supported Grant Types
  • Supported Token Types
  • Supported Client Profiles
  • OAuth Flows Supported by Services Gatekeeper
    • Authorization Code Grant
    • Implicit Grant
  • Supported URIs (Subscribers)
• Resource Management
  • Resource Mapping
  • Resource Mapping Example
  • Provisioning of Mapped Resources
  • Client Management
  • Resource Owner - Resource Mapping
  • Default Subscriber Manager
• Deployment and Configuration
  • OAuth Configuration
    • Using the OAuthCommonMBean
  • Creating Protected Resources
    • Using the OAuthResourceMBean
      • Operation: loadResourceXml
      • Operation: retrieveResourceXml
      • Operation: retrieveResourceList
  • Configuring Authentication
    • Using the Default Subscriber Manager
    • Using the SubscriberMBean
      • Operation: addSubscriber
      • Operation: getSubscriberInfo
      • Operation: removeSubscriber
      • Operation: updateSubscriber
      • Operation: verifySubscriber
    • Using Delegated Authentication
  • Creating the Resource Owner/Resource Mapping
    • Creating Resource Owner/Resource Mappings Using Regular Expressions
    • Creating Individual Resource Owner/Resource Mappings
  • Configuring Clients
    • Using the OAuthClientMbean
  • Protecting Custom REST APIs with OAuth
  • Example: Protecting the OneAPI Payment Service with OAuth
    • Steps in Protecting the OneAPI Payment Service with OAuth
    • Adding a Client in Services Gatekeeper
    • Configuring the Authentication URL
    • Adding One API Payment Communication Service as an OAuth resource
    • Adding a New Subscriber
    • Assigning the Resource to the Subscriber to Act as Resource owner
• OAuth Runtime
  • Token Issuance
    • Default Authentication and Authorization
    • Authorization for Group URIs
  • Token Validation
• Token Management
  • Using the TokenMangementMBean
    • Operation: listAccessTokensByEndUser
    • Operation: listRefreshTokensByEndUser
    • Operation: listAccessTokensByClientIdAndEndUser
    • Operation: listRefreshTokensByClientIdAndEndUser
    • Operation: listAccessTokensByClientId
    • Operation: listRefreshTokensByClientId
    • Operation: countAccessTokensByClientId
    • Operation: countRefreshTokensByClientId
    • Operation: revokeAccessToken
    • Operation: revokeRefreshToken
• EDRs Generated by the OAuth Service
• Customization
  • Delegated Authentication
    • Delegated Authentication Process Flow
  • Customized OAuth Interceptor
    • Examples: Customized OAuth Interceptor
  • Custom Subscriber Manager
• Application Developer Guide
  • Interacting with the Services Gatekeeper OAuth Service
  • OAuth Access Flow In Services Gatekeeper
  • Errors and Exceptions
• Interaction of OAuth and Services Gatekeeper SLAs
  • Layering Policies and Precedence