In the business rule of my company, a company that I provide service has a contract with us. In this contract, it contains several Apis that the users of this company can have access to. Each user has his login and password.
I believe it is visible that our 'contract' is the same as a 'policy' in TYK.
The verification of login and password and which policy to use is done through our login system. (Our own API).
The problem is how I manage this through oauth2, which process I must follow so that I can create a Token and a Refresh Token.
I know that I will have to do it through our own login API, generating a key in the tyk and returning to the user (browser). So the user uses the APIs through this token.
For each policy I create, will I have to create an OAuth2 Client? And authenticate the user by passing through this client_id?
I do not even know which way to go.
I'm using On Premise.