If you have an OAuth client application that needs to call resource server APIs/URLs, you need to set up OAuth authorization. OAuth lets you grant a client application access to resources held by another entity (the resource server) on behalf of a user: the client obtains a JWT access token from Identity as a Service and presents it to the resource server, which validates it before serving the request. Consider the following example:
Example: Bank ABC wants to give a trusted client application access to its user mortgage capability so that partners can issue mortgage quotes to customers. Bank ABC creates a user mortgage API/URL, adds it as an authorized API/URL in Identity as a Service, and defines the corresponding scopes (view:mortgage, add:mortgage, edit:mortgage, remove:mortgage). The scopes correspond to the permissions the client application can request on behalf of the user. Bank ABC protects the mortgage API/URL by validating the JWT access tokens issued by Identity as a Service and presented by the client application: checking the signature against the issuer's published keys, the issuer and audience claims, the expiry time, and whether the token carries the scope required by the requested operation.
The following limits apply to OAuth configuration:
● Maximum of 100 APIs/URLs
● Maximum 100 scopes per API/URL
● Maximum of 100 authorization roles
Topics in this section:
● Add an API/URL resource server
● Configure Role-Based Access Control (RBAC)
● Configure client credential grants
See also the following section for more information:
● Manage OIDC and OAuth tokens