
Gluu Gateway 4.0 is currently in open Beta. Questions and feedback can be directed to Gluu support. View known issues.

Common Features

The features below are common to the Gluu OAuth and UMA plugins.

Phantom Token

In some cases, a bearer token is required outside the network and a JWT is required for the internal network.


This feature is available in both plugins, gluu-oauth-auth and gluu-uma-auth. To configure the phantom token feature, set pass_credentials='phantom_token' in the plugin configuration.


Set access_token_as_jwt: false and rpt_as_jwt: false in the client registration; otherwise, the client returns the access token as a JWT by default.

Dynamic Resource Protection

This feature is available in both plugins, gluu-oauth-pep and gluu-uma-pep.


There are 3 elements that make path registration and protection more dynamic:

  • ? - matches any one path element
  • ?? - matches zero or more path elements
  • {regexp} - matches a single path element against PCRE

The priority of the elements is:

  1. Exact match
  2. Regexp match
  3. ?
  4. ??


A slash (/) is required before the multiple-wildcard placeholder.


Assume that all of the paths below are registered in one plugin.

Register Path Allow path Deny path
  • /folder/file.ext
  • /folder/file
  • /folder/123/file
  • /folder/xxx/file
  • /path/
  • /path/xxx
  • /path/xxx/yyy/file
  • /path - needs a trailing slash
  • /path/one/two/image.jpg
  • /path/image.jpg
  • /path/xxx/image.jpg - ? has higher priority than ??
  • /path/abc/image.jpg
  • /path/xyz/image.jpg
  • /users/123/todos
  • /users/xxx/photos
  • /users/123/todos/
  • /users/123/todos/321
  • /users/123/photos/321
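
A minimal Python model of the matching rules above, added here as an illustration; it is not Gluu Gateway's own code. The registered paths in RULES are assumed (constructed to fit the allow and deny paths listed above), Python's re stands in for PCRE, and the element-by-element rank comparison in resolve is one assumed reading of the priority order.

```python
import re

# Lower rank wins, following the page's order: exact, {regexp}, ?, ??
EXACT, REGEXP, ONE, MANY = range(4)

# Constructed registrations, chosen to fit the allow/deny paths listed above.
RULES = ["/folder/file.ext", "/folder/?/file", "/path/??",
         "/path/??/image.jpg", "/path/?/image.jpg",
         "/path/{abc|xyz}/image.jpg"]

def tokens(rule):
    """Split a registered path into one (rank, value) pair per element."""
    out = []
    for el in rule.split("/")[1:]:
        if el == "??":
            out.append((MANY, None))
        elif el == "?":
            out.append((ONE, None))
        elif el.startswith("{") and el.endswith("}"):
            # Python's re stands in for PCRE here (assumption).
            out.append((REGEXP, re.compile(el[1:-1])))
        else:
            out.append((EXACT, el))
    return out

def matches(toks, elems):
    """True if the request's path elements satisfy the rule's tokens."""
    if not toks:
        return not elems
    (rank, val), rest = toks[0], toks[1:]
    if rank == MANY:
        # "/path" yields no element after "path", so the slash before ??
        # is enforced; otherwise try every split point (zero or more).
        return bool(elems) and any(
            matches(rest, elems[i:]) for i in range(len(elems) + 1))
    if not elems:
        return False
    el = elems[0]
    ok = (rank == ONE or (rank == EXACT and el == val)
          or (rank == REGEXP and val.fullmatch(el) is not None))
    return ok and matches(rest, elems[1:])

def resolve(rules, path):
    """Return the winning registration for path, or None if none matches."""
    elems = path.split("/")[1:]
    hits = [r for r in rules if matches(tokens(r), elems)]
    # Compare ranks element by element, so ? beats ?? in the same position.
    return min(hits, key=lambda r: [t[0] for t in tokens(r)], default=None)
```

A None result means no registration covers the request path, which is the case to check when reviewing a rule set for paths that were meant to be protected, such as /path without its trailing slash.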