Authentication Policy Requirement
All Authentication policies require the Authorize By Role policy to authenticate the API caller correctly. For example, you can configure this policy to add the role “admin” to the client and then configure the Authorize By Role policy to authorize users with that role.
Policy Execution Order
The OAuth 2.0 Client Credential policy executes after early stage request validation policies, like IP Restriction.
|Parameter Name||Description||Default Value||Example|
|Label||Required. The name for the API policy.||OAuth2 Client Credential||GitHub OAuth 2.0 Policy|
|When this policy should be applied||An expression-enabled field that determines the condition to be fulfilled for the API policy to execute. For example, if the value in this field is request.method == "POST", the API policy is executed only if the request method is a POST.||N/A||request.method == "POST"|
Required. The ID of the application registered with the OAuth2 provider.
Required. The client secret for the application registered with the OAuth2 provider.
|Extract into $token||Required. Specifies the location to find the key in the request. If one of the given locations is not found, this API policy will pass the request through to the next API policy.||N/A||N/A|
|Custom Header Keys||The names of the headers that can contain the key. If more than one header is given, they will all be checked. Click + to add more custom header keys.||N/A||X-API-Key|
|Custom Query String Parameter||The names of the query parameters that can contain the key. If more than one name is given, they will all be checked. Click + to add more custom query string parameters.||N/A||access_token|
|Authorization Type||If the key is in the Authorization header, this value is used as the “type” to check.||Token|
|Extract User Info||N/A||N/A|
User ID Expression
Required. An expression that returns a string to be used as the user ID.
Required. An expression that returns the list of roles this user is in.
|Time-To-Live in Seconds||Required. The number of seconds before it is re-validated.||600 (10 minutes)||700|
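
Because a request with no key in any configured location is passed through to the next policy, it reaches the rest of the chain with no user ID or roles, which is why the Authorize By Role policy has to follow. The Python sketch below is an added illustration of that interaction and of the Time-To-Live re-validation, not the product's own code. The lookup order, the handling of a failed validation, and every function, class and field name in it are assumptions.

```python
import time

def extract_token(req, header_keys, query_params, auth_type):
    """Check every configured location; return the key or None (assumed order)."""
    headers = {k.lower(): v for k, v in req.get("headers", {}).items()}
    for name in header_keys:                      # e.g. X-API-Key
        if headers.get(name.lower()):
            return headers[name.lower()]
    for name in query_params:                     # e.g. access_token
        if req.get("query", {}).get(name):
            return req["query"][name]
    scheme, _, value = headers.get("authorization", "").partition(" ")
    if value.strip() and scheme.lower() == auth_type.lower():
        return value.strip()
    return None

class ClientCredentialPolicy:
    def __init__(self, validate, ttl=600, clock=time.monotonic):
        self.validate, self.ttl, self.clock = validate, ttl, clock
        self.cache = {}                           # token -> (checked_at, info)

    def apply(self, req):
        token = extract_token(req, ["X-API-Key"], ["access_token"], "Token")
        if token is None:
            return req                            # pass through: no user, no roles
        now = self.clock()
        hit = self.cache.get(token)
        if hit is None or now - hit[0] >= self.ttl:
            hit = (now, self.validate(token))     # re-validate once the TTL has elapsed
            self.cache[token] = hit
        if hit[1] is not None:                    # assumption: failed validation adds nothing
            req["user_id"], req["roles"] = hit[1]
        return req

def authorize_by_role(req, role):
    """Stand-in for the Authorize By Role policy: deny unless the role is present."""
    return role in req.get("roles", [])

def demo():
    calls = []
    def validate(token):                          # constructed stand-in for the OAuth2 provider
        calls.append(token)
        return ("client-1", ["admin"]) if token == "good" else None
    t = [0.0]
    policy = ClientCredentialPolicy(validate, ttl=600, clock=lambda: t[0])
    anon = policy.apply({"headers": {}, "query": {}})
    ok = policy.apply({"headers": {"Authorization": "Token good"}})
    policy.apply({"query": {"access_token": "good"}})   # within TTL: served from cache
    t[0] = 600.0
    policy.apply({"headers": {"x-api-key": "good"}})    # TTL elapsed: provider asked again
    return authorize_by_role(anon, "admin"), authorize_by_role(ok, "admin"), len(calls)
```

In this model a revoked key keeps its cached roles until the Time-To-Live expires, so the TTL value bounds how long a revocation takes to have effect.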