Role Based Access

Hi,

Does anyone know if it is possible to apply a finer grain of authorization on an API than granting access to an Application via one of the authorization mechanisms?

I.e. Using OAuth 2.0 scopes to provide the role/claimed based access to a particular resource

Thanks,

Ben

Hi Ben,

Which version of API Gateway are you using?
From 10.3, try the option “Oauth/OpenID scopes” under the menu options in API Gateway (See screenshot).

In this section, you can map an auth server scope to an API scope (you can add one or more resources to an API scope)

Regards,
Vallab.

2 Likes