OAuth2 specific flow


#1

Hi,

In the business rules of my company, a company that I provide service to has a contract with us. This contract contains several APIs that the users of this company can have access to. Each user has his own login and password.

I believe it is clear that our ‘contract’ is the same as a ‘policy’ in Tyk.

The verification of login and password and which policy to use is done through our login system. (Our own API).

The problem is how I manage this through OAuth2, and which process I must follow so that I can create a Token and a Refresh Token.

I know that I will have to do it through our own login API, generating a key in Tyk and returning it to the user (browser), so the user uses the APIs through this token.

For each policy I create, will I have to create an OAuth2 Client? And authenticate the user by passing through this client_id?

I do not even know which way to go.

I’m using On Premise.

Thanks.
Danilo Breda.


#2

Hi Danilo

Is OpenID Connect an option for you? It could simplify things. This article references Tyk Cloud, but is also true for Tyk On-Prem: https://tyk.io/2016/04/28/openid-connect-support-tyk-cloud/

Let me know; if OIDC isn’t an option, we can point you to other approaches.