Imported Google Group message.
Date: Thursday, 10 September 2015 15:34:32 UTC+1.
There isn't a hook in the OAuth flow that could accommodate that flow; you would need to modify the source to get that to work.
However, the Tyk OAuth flow is actually an inverse of what you've described; it's quite similar:
- User makes a request, client requests a request token
- Tyk forwards the request on to a login page
- The user logs in
- The login app then sends the initial OAuth token request to Tyk, which generates and returns a request token to the login app
- The login page redirects to the client with the request token as if we were in a standard OAuth flow
- The app then uses the request token to get an access token and continue through the gateway
The simplest thing to do is to have your SSO do step 4 but instead of using the original request objects, it generates its own valid ones for that client. The process from there on looks very similar to what you've described except for the calling back and forth to the SSO. If the SSO is the originator of the request token (it requested it, not the client), then it would be valid, wouldn't it?
It depends on whether the SSO can be modified to send a POST to the Tyk API.
The alternative is to modify the OAuth server itself in Tyk, which is totally possible, but might be painful to do...
If you want to take this conversation offline to discuss your requirements and capability in more detail, email me on mar...@tyk.io
From: Anand Natarajan anand...@gmail.com
Sent: Thursday, September 10, 2015 15:15
Subject: Re: Granting OAuth token in exchange to SSO(CAS) Service Ticket
To: Tyk Community Support tyk-commun...@googlegroups.com