API Gateway 7.5.3 OAuth User Guide Client policies and filters API Gateway provides a number of sample policies for when API Gateway is acting as an OAuth client. Sample policies are provided for the following OAuth providers: API Gateway Google SalesForce The following Google sample policies are exposed by the OAuth2 Client API Keys Demo listener on the following paths: Sample policy Exposed on path Description Google Authorize /client/google/authorize This policy is used in the authorization code flow when API Gateway is acting as an OAuth client. It redirects the resource owner's user agent to the Google authorization server, where they are asked to log in and grant access to the requested scope. It uses the Redirect resource owner to Authz Server filter (see Redirect resource owner to authorization server). Google Access Calendar Resource /client/google/calendar This policy is used to access the protected resource (Google Calendar). It uses the the Retrieve OAuth Client Access Token from Token Storage filter (see Retrieve OAuth client access token from token storage) to retrieve the access token received from Google from the API Gateway client access token store. Google Authorize Callback /client/google/callback This policy is used when Google returns the authorization code to the callback URL listener on API Gateway. It uses the Get OAuth Access Token filter (see Get OAuth client access token) to exchange the authorization code for an access token. To view the paths exposed by the OAuth2 Client API Keys Demo listener, select Environment Configuration > Listeners > API Gateway > OAuth2 Client API Keys Demo > Paths in the Policy Studio tree. In the Resolvers window, click on the policy associated with a path to view the sample policy. Alternatively, to view all of the sample policies, select Policies > OAuth Client in the Policy Studio tree. Related Links
Client policies and filters API Gateway provides a number of sample policies for when API Gateway is acting as an OAuth client. Sample policies are provided for the following OAuth providers: API Gateway Google SalesForce The following Google sample policies are exposed by the OAuth2 Client API Keys Demo listener on the following paths: Sample policy Exposed on path Description Google Authorize /client/google/authorize This policy is used in the authorization code flow when API Gateway is acting as an OAuth client. It redirects the resource owner's user agent to the Google authorization server, where they are asked to log in and grant access to the requested scope. It uses the Redirect resource owner to Authz Server filter (see Redirect resource owner to authorization server). Google Access Calendar Resource /client/google/calendar This policy is used to access the protected resource (Google Calendar). It uses the the Retrieve OAuth Client Access Token from Token Storage filter (see Retrieve OAuth client access token from token storage) to retrieve the access token received from Google from the API Gateway client access token store. Google Authorize Callback /client/google/callback This policy is used when Google returns the authorization code to the callback URL listener on API Gateway. It uses the Get OAuth Access Token filter (see Get OAuth client access token) to exchange the authorization code for an access token. To view the paths exposed by the OAuth2 Client API Keys Demo listener, select Environment Configuration > Listeners > API Gateway > OAuth2 Client API Keys Demo > Paths in the Policy Studio tree. In the Resolvers window, click on the policy associated with a path to view the sample policy. Alternatively, to view all of the sample policies, select Policies > OAuth Client in the Policy Studio tree.