Embedded resource gateway functionality

The Onegini Security Proxy can forward requests to a resource gateway. Also basic resource gateway functionality is available embedded in the Onegini Security Proxy. This embedded resource gateway functionality is responsible for validating an access token present on a resource call and mapping the result of this call on the call to the resource server. Topic guides in this section will explain how to configure the embedded resource gateway functionality and how to customize the request mapper.

Embedded resource gateway flow

This graph presented below shows the communication between Mobile Application (with Onegini SDK) and Resource Server via the Onegini Security Proxy for a resource call using the embedded resource gateway functionality.

Note: The main focus of this graph is to show the role of the embedded resource gateway functionality in the Mobile App - Resource Server communication so the Security Proxy functionality of decrypting incoming request was intentionally not presented.

The scenario:

  1. A client application (Onegini SDK) performs a resource call with an access token in the Authorization header.
  2. The Onegini Security Proxy token validation functionality validates the access token at the Onegini Token Server.
  3. The original request details containing the token validation result is passed on to Request Mapper component.
  4. The Request Mapper modifies the request (it uses the token validation response which contains i.a. assigned user and scopes for that) in a way that it becomes a valid request (containing all required parameters/headers etc.) to call some specified Resource Server.
  5. The Onegini Security Proxy sends modified request to the Resource Server.

Fetching resources via Onegini Security Proxy

Steps to start using this feature

  1. Configure a resource gateway in the Token Server
  2. Configure token validation
  3. Implement request mapper
  4. Configure request mapper