OAuth is quickly emerging as the key standard for access control across the Web, cloud services and mobile apps. But applying OAuth can be a complex process, with a steep learning curve for enterprise architects and application developers alike. The CA OAuth Toolkit is a pre-integrated component of all API gateways from CA Technologies, which makes it simple to add OAuth-based access control to enterprise resources exposed via APIs for reuse in Web and mobile apps.
The CA OAuth Toolkit is a complete OAuth implementation including an authorization server supporting various types of handshake with API-consuming applications, a resource server that protects access to APIs at runtime and a token management system, which can be deployed in a distributed architecture. The authorization server and resource server can integrate with most leading identity and access management (IAM) products.
The OAuth Toolkit supports the OAuth 1.0, 1.0a and 2.0 standards as well as JWT (JSON Web Token) bearer tokens and a range of extension grant types. Optional HMAC or RSA signatures are supported for maximum interoperability. CA Mobile API Gateway also provides an OpenID Connect implementation built on top of the OAuth Toolkit, which can be used to extend an existing identity directory into a state-of-the-art federated identity provider.