Creating a policy for permitted OAuth2 clients
This tutorial describes how to configure a policy to allow specific OAuth2 clients for a REST service. A REST service typically allows only requests from an allow list of OAuth2 clients.
About this task
In the PingAuthorize Policy Editor, define a policy in which each rule specifies an allowed client.
Steps
- Go to Policies → Policies.
- Expand Global Decision Point and SCIM Policy Set.
- Highlight Token Policies and click and then Add Policy.
- For the name, replace Untitled with Permitted Clients.
- From the Combining Algorithm list, select Unless one decision is permit, the decision will be deny.
- Click Add Rule.
- For the name, replace Untitled with Client: client1.
- From the Effect list, select Permit.
- In the Condition section:
  - Click Comparison.
  - From the Select an Attribute list, select HttpRequest.AccessToken.client_id.
  - From the middle, comparison-type list, select Equals.
  - In the final field, enter client1.
- Click Add Rule.
- For the name, replace Untitled with Client: client2.
- From the Effect list, select Permit.
- In the Condition section:
  - Click Comparison.
  - From the Select an Attribute list, select HttpRequest.AccessToken.client_id.
  - From the middle, comparison-type list, select Equals.
  - In the final field, enter client2.
- Expand Advice and Obligations.
  Do not click Show Advice and Obligations within the client1 or client2 rules.
- Click Components.
- From Advice, drag Unauthorized Client to the Advice and Obligations box.
- Click Save changes.
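The following is an added example, not PingAuthorize code or part of this tutorial: a small Python model of the Permitted Clients policy built above. It shows what the "Unless one decision is permit, the decision will be deny" combining algorithm does with the two Permit rules (the allow list is deny-by-default, so a token with an unknown client_id, or no client_id claim at all, is denied) and that the Unauthorized Client advice is attached only to a Deny decision. The attribute path HttpRequest.AccessToken.client_id, the rule names and the advice name mirror the tutorial; the Rule and Decision types, the evaluate and decide_for_token functions, and the token claims are constructed for the example.

```python
# Added example: a model of the "Permitted Clients" policy from this tutorial.
# Not PingAuthorize's implementation; the types and functions here are assumed.
from dataclasses import dataclass, field
from typing import Callable, Optional

PERMIT = "Permit"
DENY = "Deny"


@dataclass(frozen=True)
class Rule:
    name: str
    effect: str                          # "Permit" or "Deny"
    condition: Callable[[dict], bool]    # evaluated against request attributes


@dataclass
class Decision:
    outcome: str
    matched_rule: Optional[str] = None
    advice: list = field(default_factory=list)


def equals_attribute(path: str, expected: str) -> Callable[[dict], bool]:
    """Comparison condition: the attribute at the dotted path Equals expected."""
    def cond(attrs: dict) -> bool:
        value = attrs
        for part in path.split("."):
            if not isinstance(value, dict) or part not in value:
                return False   # a missing attribute never satisfies Equals
            value = value[part]
        return value == expected
    return cond


def client_rule(client_id: str) -> Rule:
    """One rule per allowed client, as created in the tutorial steps."""
    return Rule(
        name=f"Client: {client_id}",
        effect=PERMIT,
        condition=equals_attribute("HttpRequest.AccessToken.client_id", client_id),
    )


PERMITTED_CLIENTS_POLICY = {
    "name": "Permitted Clients",
    "rules": [client_rule("client1"), client_rule("client2")],
    # Advice dragged onto the policy itself, not onto the individual rules
    "advice_on_deny": ["Unauthorized Client"],
}


def evaluate(policy: dict, attrs: dict) -> Decision:
    """Combining algorithm: unless one decision is permit, the decision will be deny."""
    for rule in policy["rules"]:
        if rule.condition(attrs) and rule.effect == PERMIT:
            return Decision(PERMIT, matched_rule=rule.name)
    # No rule permitted: deny and attach the policy-level advice
    return Decision(DENY, advice=list(policy["advice_on_deny"]))


def decide_for_token(claims: dict) -> Decision:
    """Evaluate the policy for a request whose access token carries `claims`."""
    attrs = {"HttpRequest": {"AccessToken": claims}}
    return evaluate(PERMITTED_CLIENTS_POLICY, attrs)


if __name__ == "__main__":
    # Constructed sample tokens: a listed client, an unlisted one, and no client_id
    for claims in ({"client_id": "client1"}, {"client_id": "other"}, {}):
        d = decide_for_token(claims)
        print(claims, "->", d.outcome, d.matched_rule or "", d.advice)
```

Adding a third permitted client is one more client_rule entry; nothing else changes, which is the property the combining algorithm gives you.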
Result
The completed configuration should resemble the following image.