Authorization server policies and filters

API Gateway provides the following sample policies, which the OAuth 2.0 Services listener exposes on these paths:

| Sample policy | Exposed on path | Description |
|---|---|---|
| Authorization Request | /api/oauth/authorize | This policy is used in the authorization code grant flow to obtain an authorization code. It uses the Authorization Code Flow filter (see Consume authorization requests). This policy is also used in the implicit grant flow to obtain an access token. It uses the Create ID Token filter (see Create an OpenID Connect ID token). |
| Access Token Service | /api/oauth/token | This policy is used to obtain an access token. It calls another policy depending on the grant_type in the request: |
| Revoke Token | /api/oauth/revoke | This policy is used to revoke an access token or refresh token. It uses the Revoke a Token filter (see Revoke token). |
| Access Token Info | /api/oauth/tokeninfo | This policy is used to request information about an access token. It uses the Access Token Information filter (see Get access token information). |

To view the paths exposed by the OAuth 2.0 Services listener, select Environment Configuration > Listeners > API Gateway > OAuth 2.0 Services > Paths in the Policy Studio tree. In the Resolvers window, click on the policy associated with a path to view the sample policy. Alternatively, to view all of the sample policies, select Policies > OAuth 2.0 in the Policy Studio tree.
