Manage Resource Servers
If you have an OAuth client application and you want to allow it to access resource server APIs/URLs, you need to set up OAuth authorization. OAuth lets a client application obtain a JWT access token, on behalf of a user, that grants it delegated access to that user's resources on the resource server. Consider the following example:
:::info example
Bank ABC wants to be able to provide a trusted client application access to user mortgage capability so partners can issue mortgage quotes to customers. Bank ABC creates a user mortgage API/URL and adds it as an authorized API/URL in Identity as a Service and provides corresponding scopes (view:mortgage, add:mortgage, edit:mortgage, remove:mortgage). The scopes correspond to the permissions the client application can request on behalf of the user. Bank ABC protects the mortgage API/URL by validating the JWT access tokens issued by Identity as a Service and presented by the client application.
:::
Limitations
The following are OAuth maximums:
- Maximum of 100 APIs/URLs
- Maximum of 100 scopes per API/URL
- Maximum of 100 authorization roles
Topics in this section:
Add an API/URL resource server
Manage OAuth authorization with a resource server
Configure Role-Based Access Control (RBAC)
Role-based access control allows you to configure the scopes that are contained within OAuth access tokens requested by client applications on behalf of users in order to access protected APIs/URLs. You create Access Management Roles and link them to scopes and users. Consider the following example:
Configure client credential grants
For every resource server that you define, you can configure OIDC and OAuth Web and Server applications to request a server-based JWT access token. The token can be used by client applications to communicate directly with the resource server API.