Add an OAuth client rule to restrict access to API applications based on one or more OAuth client IDs.
- Click Access and then go to Rules > Rules.
- Click + Add Rule.
- In the Name field, enter a unique name, up to 64 characters long. Special characters and spaces are allowed.
- From the Type list, select OAuth Client.
- In the Client IDs section, enter one or more Client IDs that are allowed access. To add more fields, click + New Value.
- Optional: If you want to configure rejection handling, click Show Advanced Settings, and then from the Rejection Handler list, select an existing rejection handler that defines whether to display an error template or redirect to a URL.
  Note: You can include information about missing Client IDs in the rejection response using the $info variable. For example, if you are using the Default API rejection handler, you could edit the <PA_HOME>/conf/template/oauth.error.json file and change this line:
  {"$Encode.forJavaScriptSource($header)":""}
  to
  {"$Encode.forJavaScriptSource($header)":"#if($info)$Encode.forJavaScriptSource($info)#end"}
- Click Save.
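The template edit described in the Note can be scripted so that it is repeatable and leaves a backup. The following is an added example, not part of the product documentation: the helper name patch_oauth_error_template is hypothetical, the file path is whatever you pass in, and the two template strings are the lines quoted above.

```shell
#!/bin/sh
# Added example: apply the $info edit to oauth.error.json with a backup.
# OLD and NEW are the two template lines quoted on this page.
OLD='{"$Encode.forJavaScriptSource($header)":""}'
NEW='{"$Encode.forJavaScriptSource($header)":"#if($info)$Encode.forJavaScriptSource($info)#end"}'

# patch_oauth_error_template FILE  (hypothetical helper name)
# Returns: 0 = patched or already patched, 1 = file missing or I/O error,
#          2 = stock line not found (template was customized; edit by hand).
patch_oauth_error_template() {
    pt_file=$1
    [ -f "$pt_file" ] || { echo "no such file: $pt_file" >&2; return 1; }

    # Idempotent: nothing to do if the $info form is already present.
    if grep -F -q -e "$NEW" "$pt_file"; then
        return 0
    fi
    # Refuse to guess when the stock line is absent.
    if ! grep -F -q -e "$OLD" "$pt_file"; then
        echo "stock line not found in $pt_file" >&2
        return 2
    fi

    pt_tmp=$(mktemp) || return 1
    # Fixed-string replacement via index(): the template is full of regex
    # metacharacters ($, parentheses, dots), so regex matching is avoided.
    OLD="$OLD" NEW="$NEW" awk '{
        i = index($0, ENVIRON["OLD"])
        if (i) $0 = substr($0, 1, i - 1) ENVIRON["NEW"] substr($0, i + length(ENVIRON["OLD"]))
        print
    }' "$pt_file" > "$pt_tmp" || { rm -f "$pt_tmp"; return 1; }

    # Keep the original next to the edited file as FILE.bak.
    cp -p "$pt_file" "$pt_file.bak" || { rm -f "$pt_tmp"; return 1; }
    # Overwrite in place so the file keeps its owner and mode.
    cat "$pt_tmp" > "$pt_file" || { rm -f "$pt_tmp"; return 1; }
    rm -f "$pt_tmp"
}

# Usage: sh patch_template.sh /path/to/oauth.error.json
if [ "$#" -gt 0 ]; then
    patch_oauth_error_template "$1"
fi
```

A return code of 2 means the stock line was not found, so the template has already been customized and should be edited by hand.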