Oracle Cloud API Gateway – Using an Authorizer Function for Client Secret Authorization on API Access by Lucas Jellema


The objective in this article: create a simple Authorizer Function that checks the Client Secret passed in API calls and allows or denies each request based on whether the correct Client Secret is included. The Authorizer Function does a little more than simply accept or deny: when it accepts, it also returns a token object that becomes part of the request sent to the real backend.


1. Create a Function with Fn (in any runtime language, for example Java, Go or Node) – that returns HTTP 200 in case of success or 5xx in case of failure. The response body in case of success has a prescribed format.

2. Deploy the Function to an OCI environment

3. Make sure the API Gateway has access to the Function

4. Configure a Request Policy – on either the API Deployment or a specific Route within an API Deployment – of type Authentication and associated with the Authorizer Function. Read the complete article here.
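The decision logic for the function in step 1, as an added Node.js example (not code from the original article). The input fields (`type`, `token`) and response fields (`active`, `principal`, `scope`, `expiresAt`, `context`, `wwwAuthenticate`) are assumed to follow OCI's documented authorizer function contract and should be checked against the full article; `authorize`, `secretMatches`, the `CLIENT_SECRET` variable and all sample values are hypothetical. Wiring the handler into the Fn FDK and setting the HTTP status are left out.

```javascript
'use strict';
const crypto = require('crypto');

// Constructed sample secret. In a deployment the value would come from the
// function's configuration or a vault, never from source code.
const EXPECTED_SECRET = process.env.CLIENT_SECRET || 'constructed-sample-secret';

// Constant-time comparison. Hashing both values first yields equal-length
// buffers (required by timingSafeEqual) and hides the secret's length.
function secretMatches(presented, expected) {
  if (typeof presented !== 'string' || presented.length === 0) return false;
  const a = crypto.createHash('sha256').update(presented).digest();
  const b = crypto.createHash('sha256').update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// Hypothetical handler: takes the JSON the gateway passes in and returns the
// response body. Any malformed or unexpected input is denied (fail closed).
function authorize(input, expected = EXPECTED_SECRET, now = new Date()) {
  const denied = { active: false, wwwAuthenticate: 'Bearer realm="example"' };
  if (!input || input.type !== 'TOKEN') return denied;
  if (!secretMatches(input.token, expected)) return denied;
  return {
    active: true,
    principal: 'api-client',   // constructed identity label
    scope: ['read'],           // constructed scope
    // Short lifetime so a cached decision does not outlive a rotated secret.
    expiresAt: new Date(now.getTime() + 60 * 1000).toISOString(),
    // The token object that travels with the request to the backend.
    context: { authorizedBy: 'client-secret' },
  };
}
```

The secret itself is never echoed into the response or the `context` object, so it does not reach the backend or its logs.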
