This policy allows Access Gateway to inject OAuth token into web applications’ header as an authorization bearer.
To create and configure an OAuth Token policy, perform the following steps:
Select the policy container.
Click, specify a name for the policy. Select from the list, then click .
(Optional) Specify a description for the injection policy. This is useful if you plan to create multiple policies to be used by multiple resources.
In thesection, click > .
NOTE:The format of the token that gets injected depends on theproperty. This property is set in the Identity Server global options.
If this property is set to false or is not specified in the Identity Server global options, the format of the token will be JWT.
You can select OAuth scope from thelist. You can add multiple scopes using this option.The selected scopes get listed in the field. If you want to manually add more scopes or edit existing scopes, you can use the field.
NOTE:The scopes are case-sensitive and have a character limit of 60. You can specify more than one scope separated by a comma.
In thefield, specify a time for the token renewal.
Let suppose Identity Server contract time out is set for 60 minutes. Now, if you specify theas 30, then the token gets renewed 30 minutes (60-30 minutes) after the start of Identity Server session.
Let suppose Identity Server contract time out is set for 60 minutes. Now, if you specify thealso as 60, then there will be a new token issued for each session.
IMPORTANT:For efficient policy execution, it is not recommended to add multiple actions withpolicy. However, if you still add another action, then the token renewal time will be considered based on the lowest time amongst all the actions.
For example, if you set theas 30 and add policy with as 10 minutes, then, the token will be renewed at 10 minutes, instead of 30.
To save the policy, clicktwice, then click .