I have installed the WS02 API manager and secured my backend REST service with oauth2.
Here is my setup
IP1: WSO2 API manger using the default inbuild key manager. I have published my API here.
IP2: Resource server is running here.
I have simple client application which talks to the key manger to get the Access token and creates a successful call to published API in API manger. Here the API manger validates the token before sending the request to my resource server.
I am looking for the following configuration. Is this possible
- Application will talk to API manager only for generating the token
- Application will make a direct request to Resource server with the token
- Resource server needs to validate the token with Auth server.
I do see explanation in WSo2 Identify server where they suggested to use SOAP based mechanism to validate the token. However I am not able to get how we can achieve this.
Can someone please clarify, what changes needs to be done on Resource server and API manager to get the above flow. As I use API manger only for token generation going only to Identity server makes more sense?
Copyright Notice:Content Author:「ram」,Reproduced under the CC 4.0 BY-SA copyright license with a link to the original source and this disclaimer.
Link to original article:https://stackoverflow.com/questions/42715525/wso2-api-manager-outh-token-validations