Credential Mapping by OAuth Policy

When applying Credential Mapping by OAuth, remember the following points:

  • The client sends request to the facade operation.
  • When the service invoked by the client request calls the target operation, OAuth credential mapping policy is applied. An access token is obtained using either client credential or owner credential from the token endpoint of the Authorization server. It then propagates the access token to the target operation by adding the access token to the query string when calling the target operation.

Example Policy

CredentialMappingByOAuth.policy

<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
   <ns:CredentialMapping xmlns:ns="http://xsd.tns.tibco.com/governance/policy/action/2009">
      <ns:OAuth>
           <ns:Provider>TIBCO</ns:Provider>
           <ns:ClientID>security</ns:ClientID>
           <ns:ClientSecret>ef6e7dca3d52973f73ec3dd0da7087d400f5a05a</ns:ClientSecret>
           <ns:CallbackURI>http://localhost:9322/asg/oauth2/client/callback</ns:CallbackURI>
           <ns:Scope>public</ns:Scope>
           <ns:GrantType>OWNER_CREDENTIAL</ns:GrantType>
           <ns:Username>eric</ns:Username>
           <ns:Password>#!OG7dY1XHxlRknIJxgIx4TE08IXNX6+MhSiSAXov3K34=</ns:Password>
      </ns:OAuth>
   </ns:CredentialMapping>
</wsp:Policy>