For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.

External resources protection

Learn how to use the MobileFirst security framework to protect resources that are stored on external servers (external resources).

To protect external resources, you add a resource filter with an access-token validation module to the external resource server. The token-validation module uses the introspection endpoint of the security framework's authorization server to validate MobileFirst access tokens before granting the OAuth client access to the resources. See Overview of the MobileFirst security framework, and specifically Accessing a protected resource by using an access token and the illustration in Figure 3 (Protecting a resource on an external server). We can use the MobileFirst REST API for the MobileFirst runtime to create your own access-token validation module for any external server. Alternatively, use one of the provided MobileFirst extensions for protecting external Java™ resources, as outlined in the following topics.

• MobileFirst Java Token Validator
  Use the MobileFirst Java Token Validator access-token validation module to protect resources on any external Java server.
• MobileFirst OAuth Trust Association Interceptor (TAI) for protecting resources on WebSphere Java servers
  Use the MobileFirst OAuth Trust Association Interceptor (TAI) filter to protect Java resources hosted on a WebSphere® Application Server with the Full or Liberty profile.
• MobileFirst Node.js resource protection
  Use the MobileFirst Node.js framework to protect Java resources (APIs) hosted on an external Node.js server.

Parent topic: OAuth resource protection