1. Home
  2. Tyk Identity Broker
  3. Example configurations
  4. Generate an OAuth token using LDAP

Generate an OAuth token using LDAP

The configuration below will take a request that is posted to TIB, authenticate it against LDAP, if the request is valid, it will redirect to the Tyk Gateway OAuth clients’ Redirect URI with the token as a URL fragment:

```
{
    "ActionType": "GenerateOAuthTokenForClient",
    "ID": "6",
    "IdentityHandlerConfig": {
        "DashboardCredential": "{DASHBAORD-API-ID}",
        "DisableOneTokenPerAPI": false,
        "OAuth": {
            "APIListenPath": "{API-LISTEN-PATH}",
            "BaseAPIID": "{BASE-API-ID}",
            "ClientId": "{TYK-OAUTH-CLIENT-ID}",
            "RedirectURI": "http://{APP-DOMAIN}:{PORT}/{AUTH-SUCCESS-PATH}",
            "ResponseType": "token",
            "Secret": "{TYK-OAUTH-CLIENT-SECRET}"
        }
    },
    "MatchedPolicyID": "POLICY-ID",
    "OrgID": "53ac07777cbb8c2d53000002",
    "ProviderConfig": {
        "FailureRedirect": "http://{APP-DOMAIN}:{PORT}/failure",
        "LDAPAttributes": [],
        "LDAPPort": "389",
        "LDAPServer": "localhost",
        "LDAPUserDN": "cn=*USERNAME*,cn=dashboard,ou=Group,dc=ldap,dc=tyk-ldap-test,dc=com"
    }
    "ProviderName": "ADProvider",
    "ReturnURL": "",
    "Type": "passthrough"
}
```

This configuration is useful for internal API that require valid OAuth tokens (e.g.a webapp or mobile app) but needs validation by an LDAP provider.