Search Results

OAuth2.0 Token Authentication Connector

Release Notes

TIBCO Cloud Mashery Release Date Release Type Release Description
June 11, 2020 New Feature Support securing APIs in TIBCO Mashery using third party IDP based OAuth2.0 access token.
New Feature Ability to configure up to ten OAuth2.0 introspection endpoints per service endpoint for token validation using any third party IDP.
New Feature Conditional pickup of introspection endpoint for token validation based on incoming meta data for geo-distributed API services.
New Feature Ability to enrich API request header with meta data that can be returned after successful token validation.

Description

This feature enables securing APIs in TIBCO Mashery using third party IDP based OAuth2.0 access token.
  • The Connector validates third party OAuth2.0 access token for authentication and allows call to backend API only on successful validation.
  • Provides an ability to have configurable introspection endpoints to support multiple regional but unique introspection endpoint for geo distributed OAuth2.0 authorization server.
  • Supports an ability to enrich header with values from introspection endpoint JSON response on successful validation before forwarding request to the backend server.
  • Connector provides configurable capability to block/forward http Authorization header to backend API server.
  • Supports JSONPath expression to locate value from JSON response from Authorization server that need injection to header before forwarding to the backend server.
  • Supports optional XPath expression to locate value from XML response from Authorization server (if response is in XML format instead of JSON) that need injection to header before forwarding to the backend server.
  • Supports pre-processing of API request.