Using the OAuth 1.0a Security Policy
Learn how to configure the OAuth 1.0a Trusted Token Policy to enable API authorization using OAuth 1.0a.
For information about using policies in the context of the developer portal, see Business Policies.
Table of Contents
The OAuth 1.0a Trusted Token Policy is a Community Manager policy that provides OAuth Pass-thru support when OAuth 1.0a is used to perform API authorization.
- A default OAuth 1.0a Trusted Token Policy is not added to the Policy Manager Management Console as part of the Community Manager installation and a policy instance must be configured in the Policy Manager Management Console if OAuth 1.0a support is required in Community Manager.
- In Community Manager, selection of this policy is typically assigned to an API after configuring OAuth Details (OAuth Provider, Version, and Resource Mapping) on the API Details page in the Community Manager portal.
- After you configure the OAuth Details, you can use Edit on the API Details page to launch the Edit API Wizard, go to the Proxy page, and in the Advanced Options select OAuth 1.0a Trusted Token in the Policy section.
This policy type does not require any configuration.
Let's take a quick walkthrough of the OAuth 1.0a Trusted Token Policy configuration process to get you started.
Step 1: Add Policy (in Policy Manager Management Console)
You can create an OAuth 1.0a Trusted Token Policy using Add Policy in the Policies > Operational Policies section of the Policy Manager Management Console. The policy must be created in the Policies folder of the Community Manager Tenant Organization as illustrated below.
Use Add Policy to create an OAuth10a Trusted Token Security Policy.
This policy type creates an XML policy that looks like the following:
Step 2: Assign Policy to API in Community Manager
Launch Community Manager perform the following steps:
Configure OAuth Details:
On the API Details page, select OAuth Details, select the OAuth Provider, set the OAuth version to OAuth 1.0a, and configure your Resource Mapping based on your requirements.
On the API Details page, select Edit, go to the Proxy page, select the OAuth10a Trusted Token Security Policy, and save the configuration.