Access Manager - API Access query
We are using NetIQ Access Manager and we have a requirement to protect APIs and expose them. We intend to use OAuth2.
We are accessing APIs from a batch script- as a nightly job. This is executed from each client.
For this we intend to use OAuth2 access token – Client Credentials grant to get the bearer token and pass it to the API.
Also, along with this we need to pass a username as part of the access token. This is used later in the backend for some authorization/matching. Now, how do I set this username to be part of the access token?
As attributes/claims?
And how do I retrieve the value from the token? Is there an endpoint like /UserInfo which works with the Client Credentials grant flow?
You may need to change the choice of the grant. The Client Credentials grant doesn't authenticate any user and hence you will not get anything when accessing the userinfo endpoint.
Yes, you can add claims and attributes to the token, but you need to authenticate the user (authorization code, implicit, Resource Owner grant). Once the token is received you can use the token introspection endpoint to get the details of the user.
You can also try using another product called SAPIM which is built for API management only. This product leverages the features of NAM and provides you a seamless API management experience.
Check the link https://www.netiq.com/documentation/secure-api-manager-10/
NetIQ solves these issues by providing a system that allows you to manage, create, control, and audit the APIs used in your environment through Secure API Manager. It gives you:
A single repository for all of your APIs
A lifecycle system to track the state of the APIs
Throttling capabilities to limit throughput to certain APIs
A detailed analytics system to show you which APIs are being used the most
Secure access to the APIs due to integration with NetIQ Access Manager
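To illustrate the point made in the answer above (a Client Credentials token carries no user identity, so userinfo has nothing to return, whereas a user-authenticating grant does populate the subject and an introspection endpoint exposes it), here is an added, self-contained example. It is not NetIQ Access Manager or SAPIM code: it is a constructed in-memory OAuth2 issuer with an RFC 7662-style introspection function, using the Resource Owner Password grant as the user-authenticating grant for brevity. The client ids, secrets, user names and passwords are constructed sample values.

```python
"""Constructed OAuth2 issuer showing what introspection and userinfo return
for a client_credentials token versus a token from a user-authenticating
grant.  Illustration only; not the NAM or SAPIM implementation."""
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed registries (hypothetical values, not from any real deployment).
CLIENTS: Dict[str, str] = {"batch-client": "s3cret-constructed"}
USERS: Dict[str, str] = {"alice": "pw-constructed"}


@dataclass
class TokenRecord:
    client_id: str
    scope: str
    exp: float
    sub: Optional[str] = None        # stays None for client_credentials
    username: Optional[str] = None


# Opaque token -> record, standing in for the authorization server's store.
_tokens: Dict[str, TokenRecord] = {}


def _secret_matches(expected: str, given: str) -> bool:
    # Constant-time comparison so secret checks do not leak timing.
    return hmac.compare_digest(expected, given)


def issue_token(grant_type: str, client_id: str, client_secret: str,
                scope: str = "api", username: Optional[str] = None,
                password: Optional[str] = None, ttl: int = 300) -> str:
    """Token endpoint: authenticates the client, then the user if the grant has one."""
    if not _secret_matches(CLIENTS.get(client_id, ""), client_secret):
        raise PermissionError("invalid_client")
    rec = TokenRecord(client_id=client_id, scope=scope, exp=time.time() + ttl)
    if grant_type == "client_credentials":
        pass  # only the client is authenticated: no sub, no username
    elif grant_type == "password":
        if username not in USERS or not _secret_matches(USERS[username], password or ""):
            raise PermissionError("invalid_grant")
        rec.sub = username
        rec.username = username
    else:
        raise ValueError("unsupported_grant_type")
    token = secrets.token_urlsafe(32)
    _tokens[token] = rec
    return token


def introspect(token: str) -> dict:
    """RFC 7662-style introspection: user claims appear only if a user was authenticated."""
    rec = _tokens.get(token)
    if rec is None or rec.exp < time.time():
        return {"active": False}
    out = {"active": True, "client_id": rec.client_id,
           "scope": rec.scope, "exp": int(rec.exp)}
    if rec.sub is not None:
        out["sub"] = rec.sub
        out["username"] = rec.username
    return out


def userinfo(token: str) -> Optional[dict]:
    """Userinfo endpoint: nothing to return for a token without a subject."""
    info = introspect(token)
    if not info.get("active") or "sub" not in info:
        return None
    return {"sub": info["sub"], "preferred_username": info["username"]}


if __name__ == "__main__":
    cc = issue_token("client_credentials", "batch-client", "s3cret-constructed")
    print("client_credentials introspection:", introspect(cc))
    print("client_credentials userinfo:", userinfo(cc))
    ropc = issue_token("password", "batch-client", "s3cret-constructed",
                       username="alice", password="pw-constructed")
    print("password-grant introspection:", introspect(ropc))
    print("password-grant userinfo:", userinfo(ropc))
```

Running the block prints an active introspection response with only `client_id`, `scope` and `exp` for the client-credentials token and `None` from userinfo, while the password-grant token yields `sub`/`username` from both endpoints. That is the behaviour the answer describes: the backend's username matching needs a grant that authenticates the user, and the introspection endpoint (or the token's claims) is where that value is read.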