OAuth2 specific flow


In my company's business rules, a company that I provide a service to has a contract with us. This contract contains several APIs that the users of this company can have access to. Each user has his own login and password.

I believe it is clear that our ‘contract’ is the same as a ‘policy’ in Tyk.

The verification of login and password and which policy to use is done through our login system. (Our own API).

The problem is how I manage this through OAuth2, and which process I must follow so that I can create a token and a refresh token.

I know that I will have to do it through our own login API, generating a key in Tyk and returning it to the user (browser), so that the user uses the APIs through this token.

For each policy I create, will I have to create an OAuth2 client, and authenticate the user by passing through this client_id?

I do not even know which way to go.

I’m using On-Premise.

Danilo Breda.
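The key-per-login approach described in the post above (own login API verifies the credentials, maps the user's contract to a Tyk policy, creates a key in Tyk and hands only that key to the browser), as an added example that is not part of the original post or of Tyk's own code. It assumes the Tyk Gateway REST API's `POST /tyk/keys/create` endpoint authenticated with the `x-tyk-authorization` header and a session object whose `apply_policies` list names the policy; the user store, password salt, contract and policy IDs, and gateway secret are constructed placeholders. The `post` callable is injectable so the flow can be exercised without a running gateway. It does not cover refresh tokens, which plain Tyk keys do not have.

```python
import hashlib
import hmac
import json
import time
import urllib.request

# Constructed sample data (not real customers or policies): each contract
# maps to the ID of a Tyk policy that grants exactly that contract's APIs.
CONTRACT_TO_POLICY = {"contract-acme": "POLICY_ID_PLACEHOLDER_ACME"}

# Constructed static salt for the sample; use a random per-user salt in practice.
_SALT = b"constructed-static-salt"


def _hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {
    "alice": {"contract": "contract-acme", "pw_hash": _hash_pw("correct horse", _SALT)},
}


def verify_login(username, password):
    """Return the Tyk policy ID for the user's contract, or None on failure.

    An unknown user is still hashed against a dummy so that a failed login
    takes the same time whether or not the username exists."""
    user = USERS.get(username)
    stored = user["pw_hash"] if user else _hash_pw("dummy", _SALT)
    ok = hmac.compare_digest(stored, _hash_pw(password, _SALT))
    if user is None or not ok:
        return None
    return CONTRACT_TO_POLICY.get(user["contract"])


def build_key_request(username, policy_id, ttl_seconds=3600, now=None):
    """Session object for POST /tyk/keys/create (assumed field names).

    The policy supplies the access rights, so the key itself carries no
    per-API grants; `expires` bounds the damage of a leaked key."""
    now = int(time.time()) if now is None else now
    return {
        "apply_policies": [policy_id],
        "alias": username,
        "expires": now + ttl_seconds,
        "meta_data": {"user": username},
    }


def _http_post(url, headers, body):
    req = urllib.request.Request(url, data=json.dumps(body).encode(), method="POST")
    for name, value in headers.items():
        req.add_header(name, value)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.loads(resp.read())


def create_key(gateway_url, admin_secret, session, post=_http_post):
    """Create the key in the Gateway. The gateway secret only ever travels
    server-to-gateway; the browser receives just the resulting key."""
    resp = post(
        gateway_url.rstrip("/") + "/tyk/keys/create",
        {"x-tyk-authorization": admin_secret, "Content-Type": "application/json"},
        session,
    )
    if resp.get("status") != "ok":
        raise RuntimeError("key creation failed: %r" % resp)
    return resp["key"]


def login(username, password, gateway_url, admin_secret, post=_http_post):
    """Full flow: verify credentials, then mint a policy-bound key to return
    to the browser. Returns None (no key created) when the login fails."""
    policy_id = verify_login(username, password)
    if policy_id is None:
        return None
    session = build_key_request(username, policy_id)
    return create_key(gateway_url, admin_secret, session, post)


if __name__ == "__main__":
    # Offline demonstration with a fake gateway; constructed response.
    def fake_post(url, headers, body):
        return {"key": "constructed-key", "status": "ok", "action": "added"}

    print(login("alice", "correct horse", "http://gateway:8080", "GATEWAY_SECRET_PLACEHOLDER", post=fake_post))
```

The returned key is what the browser then presents to the Tyk-protected APIs (in the `Authorization` header under Tyk's default setting); because every access right comes from the policy, revoking or changing a contract is a policy edit rather than a per-key rewrite.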

Hi Danilo

Is OpenID Connect an option for you? It could simplify things. This article references Tyk Cloud, but it also applies to Tyk On-Prem: https://tyk.io/2016/04/28/openid-connect-support-tyk-cloud/

Let me know; if OIDC isn’t an option, we can point you to other approaches.