Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: APIM-437
Table of Contents
maxLevel6
minLevel1
include
outlinefalse
indent
exclude
typelist
printablefalse
class

...

Info

Known Issue

We do not support Azure AD for the OAuth 2.0 Client Credentials policy because Azure AD does not provide an introspection endpoint.
Workaround: Use the JWT credentials in the Generic OAuth2 policy to authenticate with Azure AD.

...

Parameter Name

Description

Default Value

Example

Label

Required. The name for the API policy.

OAuth2 Client Credential

GitHub OAuth 2.0 Policy

When this policy should be applied

An expression enabled field that determines the condition to be fulfilled for the API policy to execute.

For example, if the value in this field is request.method == "POST", the API policy is executed only if the request method is a POST.

N/A

request.method == “POST”

Introspection Endpoint

Required. The mechanism for client servers to obtain information about the access token. The response from this token introspection endpoint will be stored in $response and can be referenced in User ID Expression and Roles Expression.

N/A

https://auth.pingone.com/2f6b6ab3-1fa7-4a7d-ba4d-00dbebd6d056/as/introspect

Client ID

Required. The ID of the application registered with the OAuth2 provider.

N/A

jdoe@beignet.com

Client Secret

Required. The client secret for the application registered with the OAuth2 provider.

You can also reference a secret from a 3rd-party Secrets Manager vendor by entering an expression.

N/A

chocolatE

Extract into $token

Required. Specifies the location to find the key in the request. If one of the given locations is not found, this API policy will pass the request through to the next API policy.

N/A

N/A

Custom Header Keys

The names of the headers that can contain the key. If more than one header is given, they will all be checked. Click + to add more custom header keys.

N/A

X-API-Key

Custom Query String Parameter

The names of the query parameters that can contain the key. If more than one name is given, they will all be checked. Click + to add more custom query string parameters.

N/A

access_token

Authorization Type

If the key is in the Authorization header, this value is used as the “type” to check.

Token

Key

Extract User Info

Required.  Specifies how to extract information about the user from the working object.

N/A

N/A

User ID Expression

Required. An expression that returns a string to be used as the user ID.

N/A

$response.email

Roles Expression

Required. An expression that returns the list of roles this user is in.

N/A

$response.groups.map(group => group.name)

Time-To-Live in Seconds

Required. The number of seconds the token is valid for before it is re-validated.

600 (10 minutes)

700

Status

Specifies whether the API policy is enabled or disabled. 

Enabled

Disabled

...

Parameter Name

Field Type

Example

Label*

String

SnapLogic OAuth2 Policy

When this policy should be applied

String/Expression

request.method == “POST”

Introspection Endpoint*

String/Expression

https://auth.pingone.asia/92888efd-6423-4f73-9523-ae8fa6c99cee/as/introspect

Client ID*

String/Expression

0a781dd3-744c-4795-924d-b72b71c93a5f

Client Secret*

String/Expression

OwPmby3VbPpMJjKG5vXG4QciClg2xZw6oXnrXvDufRBIgbOHK5-PXvlLg0ml.DDG

Extract into $token*

N/A

Customer Header Key

String/Expression

X-API-Key

Custom Query String Parameter

String/Expression

query

Authorization Header Type

String

token

Extract User Info*

N/A

User ID Expression*

String/Expression

User

Roles Expression*

String/Expression

staff

Time-To-Live in Seconds*

String/Expression

600 (10 minutes)

Status

Dropdown List

Enabled

...

See Also