Currently we have our own oauth2, but we want to move to Tyk oauth2 for client credentials, password owner, refresh token and authorization grant types. But the username/password for some grant types is from our IDP; then we don't need to maintain oauth2 on our side anymore. Is there any way to do that?
I tried with TIB, but because TIB only maps access_token and username, I don't know how to integrate with the oauth2 refresh token grant type, so I think I won't use TIB.
So I wonder: if I write a plugin which calls our service to authenticate the username/password, and if it is valid then Tyk oauth2 will generate an access_token (and refresh_token) for this username/password. Is it possible?
Then I can get the access_token and refresh_token with this:
curl -X POST http://TYK/my-api/oauth/token/ -H 'authorization: Basic base64_of_clientId:secret' -H 'content-type: application/x-www-form-urlencoded' -d 'grant_type=password&client_id=clientId&username=user@name&password=password'
(user@name/password is a user in our db)