How to implement oAuth2 authentication in API specification.

Overview

Step-by-step tutorial explaining how to implement oAuth2 authentication in API specification.

The oAuth 2.0. is used by internal CDQ APIs but external API providers don't request it. To distinguish which specification uses oAuth 2.0, a dedicated parameter and decorator were created. It requires a one-time modification in the component specification.

Scenario:

In this tutorial you will learn how to:

Activate oAuth 2.0. for existing specifications in the Redocly registry
Activate oAuth 2.0. for new specifications or never added to the Redocly registry

Info

This tutorial is valid for IDP and Developer Portal as well.

Existing specification in the Redocly registry

To activate oAuth 2.0. authentication in the existing component published in the IDP add below parameter to the component's api-vx.yaml file:

x-cdq-security: true

Info

This tutorial is valid for IDP and Developer Portal as well.

New specification or never added to the Redocly registry

No component specification in the Registry?

Check how to add specification to the registry.

To activate oAuth 2.0. authentication in the new component:

Follow previous step
Add CORS Policy to the api_name.page.yaml file in the portal structure:

authCorsProxyUrl: "https://cors.redoc.ly"

How to implement oAuth2 authentication in API specification.

Overview

Existing specification in the Redocly registry

New specification or never added to the Redocly registry

Share the feedback!