search cancel

API Gateway: OTK Client Type (confidential -vs- public)

book

Article ID: 189575

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

With respect to OTK, which policy checks if a client type is Public or Confidential?

Environment

Layer 7 Management OAuth Toolkit: 4.3.X

Resolution

The OTK Client Validation policy is the policy where we are checking the client type.

Once a client is registered, using the OTK Manager Client DB GET, we are getting the details of the clients which are registered. For that we are using getAll and storing in a clientstore. Using the result of the clientstore, the OTK Client Validation policy is validating the client type.

Additional Information

We adhere to the rules and principles outlined by OAuth: https://tools.ietf.org/html/rfc6749