Page created: 22 Jul 2020 | Page updated: 9 Feb 2021
An external API gateway access token validator is a special access token validator that the Sideband API can use when the API gateway itself can validate and parse access tokens.
An external API gateway access token validator accepts a set of parsed access token claims from a trusted gateway and performs no further parsing or validation of its own. For information about how the tokens are processed, see Access token validation.
Note:
External API gateway access token validators are exclusively for use by Sideband API endpoints. If you assign an external API gateway access token validator to any other server component, either explicitly or implicitly, it is ignored.
Example configuration
The following example shows how to configure an external API gateway access token validator with a token resource lookup method, and then assign it to an existing Sideband API endpoint.
dsconfig create-access-token-validator \
  --validator-name "API Gateway Access Token Validator" \
  --type external-api-gateway \
  --set enabled:true \
  --set evaluation-order-index:0

dsconfig create-token-resource-lookup-method \
  --validator-name "API Gateway Access Token Validator" \
  --method-name "Users by uid" \
  --type scim \
  --set scim-resource-type:Users \
  --set 'match-filter:uid eq "%sub%"' \
  --set evaluation-order-index:0

dsconfig set-sideband-api-endpoint-prop \
  --endpoint-name "My API" \
  --set "access-token-validator:API Gateway Access Token Validator"
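
The match-filter above places the gateway-supplied sub claim into a SCIM filter, and this validator does no checking of its own. The following Python example is added here as an illustration (it is not code from this page or from the product) of that substitution with JSON-style escaping and a fail-closed check. The function name, the exception and the sample claims are assumptions, and how the server itself expands the placeholder is not described on this page.

```python
import json
import re

# Placeholder syntax used by the page's match-filter: %claim_name%
_PLACEHOLDER = re.compile(r"%([A-Za-z0-9_.-]+)%")


class MissingClaim(Exception):
    """Raised when the filter references a claim the gateway did not supply."""


def expand_match_filter(template, claims):
    """Substitute %claim% placeholders with escaped claim values.

    Hypothetical helper for illustration; not the product's implementation.
    """
    def _sub(match):
        name = match.group(1)
        value = claims.get(name)
        # Fail closed: a missing, empty or non-string claim means no lookup.
        if not isinstance(value, str) or not value:
            raise MissingClaim(name)
        # SCIM filter string values follow JSON string rules (RFC 7644),
        # so json.dumps minus its surrounding quotes gives a safe literal.
        return json.dumps(value)[1:-1]

    return _PLACEHOLDER.sub(_sub, template)


# Constructed sample inputs (not taken from a real deployment).
TEMPLATE = 'uid eq "%sub%"'
GOOD_CLAIMS = {"sub": "user.0", "scope": "openid"}
# A subject containing quotes must stay inside the string literal.
ODD_CLAIMS = {"sub": 'x" or uid pr or uid eq "y'}

if __name__ == "__main__":
    print(expand_match_filter(TEMPLATE, GOOD_CLAIMS))
    print(expand_match_filter(TEMPLATE, ODD_CLAIMS))
```

Because the claims are accepted as already validated, the gateway is the only place where token signature, expiry and audience are checked before the subject reaches this lookup.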