token-validation-requirement
This command specifies the requirement to prove token validity.
Syntax
- Token valid when the connection is successful and the access token is valid.
- token-validation-requirement active
- Token valid when the connection is successful.
- token-validation-requirement connected
Parameters
active
- The token is valid when the response code is
200 OK
and the response includesactive:true
. connected
- The token is valid when the response code is
200 OK
. This setting is the default value.
Guidelines
The token-validation-requirement command specifies the requirement to prove token validity when the response from the third-party endpoint is checked.
When the value is
active
, validation requirements are strictly checked against
response scopes in the response body. When the OAuth security requirement defines scopes that are
not a subset of response scopes, the request is denied unless advanced scope checks are enabled.- When the scope value in the OAuth security requirement is
scope1
and the response scope value isscope1 scope2
, validation passes the check. - When the scope value in the OAuth security requirement is
scope1 scope2
and the response scope value isscope1
, validation fails the check. In this situation, you can modify the configuration in either of the following ways to pass the validation check.- Delete the scope value from the OAuth security requirement. To manage the scope value, use the allowed-scopes command in API security OAuth requirement mode.
- Enable advanced scope validation. To enable advanced scope validation, use the advanced-scope-validation-enabled command.
This command is relevant only when provider-type is
third_party
.