
I have a RAML file with two methods, POST and GET. I also have two applications, A and B. A should only be able to call POST and B should only be able to call GET. I am using the "OAuth 2.0 Access Token Enforcement Using External Provider" policy and the OAuth provider module to generate the OAuth token for authentication.

<oauth2-provider:config name="OAuth_provider_module"
    accessTokenEndpointPath="oauth/token" providerName="CustomProvider"
    clientStore-ref="my-client-store" authorizationEndpointPath="oauth/authorize"
    listenerConfig-ref="https_listener_config" supportedGrantTypes="CLIENT_CREDENTIALS AUTHORIZATION_CODE"
    doc:name="OAuth provider module">
</oauth2-provider:config>

Any advice on how I can achieve method-level authorization using the above policy, or any other suggestions?

user3366906

0 Answers