- Products
- SOA Governance
- API Management
- Cloud Integration
- Other Platforms
- Features & Benefits
- Solutions
- SOA
- API
- Cloud
- Government Solutions
- Other
- Case Studies
- Latest SOA Case Studies
- Latest API Case Studies
- Latest Cloud Case Studies
- More Case Studies
- US Intelligence Community – Secure Data Sharing
- Ogilvy & Mather – Web Services Security
- Quebec Finance Ministry – CGI Solution
- Belgium French Community (ETNIC) – Secure eGovernment Services
- British Columbia Attorney General - XML & Web Services Security
- US Army Accessions Command - Managing the Service Lifecycle
- Tutorials
- API Management
- Development
- Identity Access
- OAuth
- SecureSpan Basics
- Video Tutorials
- Library
- Free Trial
- cloudsecurityalliance
Follow Us:
OAuth Toolkit
Making OAuth Implementation Simple
OAuth is rapidly becoming the preferred authentication and authorization method for accessing Web-based resources through an API. The Layer 7 API Proxy and other SOA and Cloud Gateways support OAuth 1.0a, OAuth WRAP and OAuth 2.0 specifications and can be used to simplify both two- and three-legged OAuth implementations for authorization servers and protected resource servers. The built-in Security Token Service (STS) inside the Layer 7 API Proxy and related gateways can issue and validate security tokens of a variety of formats and structures, depending on the requirements of the specific OAuth implementation. Security tokens generated by the Layer 7 STS can be used as OAuth access tokens, optionally with HMAC or RSA signature methods, and SHA-1, SHA-256 or SHA-512 encryption.
Furthermore, in supporting SAML, the Layer 7 SecureSpan and CloudSpan Gateways can be used to enable web browser single sign-on (SSO) capabilities for integrating the enterprise with cloud-based services. A SAML assertion generated by the gateway can be used as an OAuth authorization grant to obtain an access token.
OAuth Toolkit Demo
Download the slides from this demo
Webinar: A Practical Guide to API Security & OAuth for the Enterprise featuring Forrester Research, Inc.
View the OAuth 2.0 with Layer 7 Gateways tutorial series on YouTube
- Extensible Policies: The gateway enables policies to be customized to meet the needs of specific OAuth implementations and to be easily upgradeable to meet the latest versions of OAuth protocol
- Deployment Flexibility: Implement inline for downstream token translation and mapping, or as an end-point service
- Standards Support: As a coauthor of popular specifications like WS-Trust and WS-Federation, Layer 7 is committed to standards-based implementation
- OAuth 1.0a
- OAuth WRAP
- OAuth 2.0
- HMAC
- RSA
- SAML 1.1/2.0
- SHA-1
- SHA-2 (SHA-256, SHA-512)