Using the OAuth 1.0a Security Policy

Learn how to configure the OAuth 1.0a Trusted Token Policy to enable API authorization using OAuth 1.0a.

Introduction

The OAuth 1.0a Trusted Token Policy is a Community Manager policy that provides OAuth Pass-thru support when OAuth 1.0a is used to perform API authorization.

  • A default OAuth 1.0a Trusted Token Policy is not added to the Policy Manager Management Console as part of the Community Manager installation. If OAuth 1.0a support is required in Community Manager, a policy instance must be configured in the Policy Manager Management Console.
  • In Community Manager, this policy is typically assigned to an API after configuring OAuth Details (OAuth Provider, Version, and Resource Mapping) on the API Details page in the Community Manager developer portal.
  • After you configure the OAuth Details, you can use Edit on the API Details page to launch the Edit API Wizard, go to the Proxy page, and in the Advanced Options select OAuth 1.0a Trusted Token in the Policy section.

Configuration Options

This policy type does not require any configuration.

Configuration

Let's take a quick walkthrough of the OAuth 1.0a Trusted Token Policy configuration process to get you started.

Step 1: Add Policy (in Policy Manager Management Console)

You can create an OAuth 1.0a Trusted Token Policy using Add Policy in the Policies > Operational Policies section of the Policy Manager Management Console. The policy must be created in the Policies folder of the Community Manager Tenant Organization as illustrated below.

Use Add Policy to create an OAuth10a Trusted Token Security Policy.

This policy type creates an XML policy that looks like the following:

Step 2: Assign Policy to API in Community Manager

Launch Community Manager and perform the following steps:

Configure OAuth Details:

On the API Details page, select OAuth Details, select the OAuth Provider, set the OAuth version to OAuth 1.0a, and configure your Resource Mapping based on your requirements.

Assign Policy:

On the API Details page, select Edit, go to the Proxy page, select the OAuth10a Trusted Token Security Policy, and save the configuration.

Activating a policy

When you create and configure a policy, the policy is in Draft state. When the policy configuration is complete, activate the policy: click Activate Policy and then confirm. See Activate a Policy.

A policy in Draft state is not available for general use. Once you activate the policy, it is in Active state and is available for use.

Attaching a policy

To use the policy, go to the Policies folder in the respective organization and attach the policy to a web service, binding, or binding operation.