We are pleased to announce that Gravitee.io Access Management 2.7 is now available.
What’s new ?
Here are the highlight of this release:
- Extension Point Management (Policies are coming to AM !)
Extension Point Management
Do you use Gravitee.io API Management Policies ? Do you enjoy them ? Do they leverage your APIs usage and let you innovate ?
It’s a pleasure to tell you that those policies are coming to Gravitee.io Access Management and allow you to extend the Gravitee.io AM Gateway functionalities. They will allow you to apply custom technical and functional features.
In Gravitee.io AM Policies are called Extension Points because they are executed only against selected key stages and act more or less as a webhooks.
Those extension points will let you call external web services to make extra controls or enhance user data and rely on the execution context to use these information later on (e.g in your custom HTML pages).
For now Gravitee.io AM supports three extension points :
- ROOT : before all business/protocols requests — mostly for security/technical features
- PRE_CONSENT : before User Consent — to fetch additional information and display them in the consent page (useful in PSD2/OpenBanking context)
- POST_CONSENT : after User Consent — to apply extra controls before approve/deny user consents
We expect to add more extension points (PRE_LOGIN, POST_LOGIN, …) in a near future.
Custom error page
You can now override the default error page that can be display in certains circumstances (OAuth 2.0/OIDC errors, technical errors, …)