token-validation-requirement

This command specifies the requirement to prove token validity.

Syntax

Token valid when the connection is successful and the access token is valid.: token-validation-requirement active
Token valid when the connection is successful.: token-validation-requirement connected

Parameters

active: The token is valid when the response code is 200 OK and the response includes active:true.
connected: The token is valid when the response code is 200 OK. This setting is the default value.

Guidelines

The token-validation-requirement command specifies the requirement to prove token validity when the response from the third-party endpoint is checked.

When the value is active, validation requirements are strictly checked against response scopes in the response body. When the OAuth security requirement defines scopes that are not a subset of response scopes, the request is denied unless advanced scope checks are enabled.

When the scope value in the OAuth security requirement is scope1 and the response scope value is scope1 scope2, validation passes the check.
When the scope value in the OAuth security requirement is scope1 scope2 and the response scope value is scope1, validation fails the check. In this situation, you can modify the configuration in either of the following ways to pass the validation check.
- Delete the scope value from the OAuth security requirement. To manage the scope value, use the allowed-scopes command in API security OAuth requirement mode.
- Enable advanced scope validation. To enable advanced scope validation, use the advanced-scope-validation-enabled command.

This command is relevant only when provider-type is third_party.