How-to: OpenID Connect Authentication for OAuth

As we know by now, the OAuth 2.0 protocol was built for authorization, not authentication. It excels at delegated authorization. Log in with Google?  Sure. The OAuth protected API endpoint never sees your Google username and password. It doesn’t need to know who you are. In fact, like a discreet bouncer at an exclusive club, […]

How To: Validate Your OAuth Implementation

Is my Layer7 OAuth Toolkit (OTK) installation working? Valid question. Now that you’ve installed OTK on your API Gateway, and have access to OTK-specific policies and assertions in Policy Manager, it’s time to see OAuth in action. The quickest way to do this is through the pre-configured OAuth test clients and OAuth Manager.You can access […]

How To: OTK Solution Kit Installation

This is the second post in the blog series focusing on the OAuth Toolkit (OTK) kit. The first video was a more academic overview of the OAuth protocol and workflow.  This time we take a look at how to install the OTK solution kit, and how the OTK integrates with the API Gateway to provide easy implementation of OAuth security […]

How-To: OAuth Overview

Today we’re going to take a look at the Layer 7 API Management OAuth toolkit or OTK. For most customers, the OTK is not an optional Gateway add-on. It is an essential product used in the API management lifecycle for securing client authorization and authentication. The OTK implements security using a combination of the OAuth […]