Is it possible to allow my API Clients do send me the access token either in Authorization header or in "access_token" query param, and make the OAuthV2 Policy look at one with is present to Verify the token?
Yes , it's possible.
You can use one assign message policy before verify token policy. In the assign message set the Authorization header to request.queryparam.access_token
For the assign message policy set a condition when request.queryparam.access_token not equals to null or empty string.
Ok, so, its not possible to OAuthV2 Policy look at access_token present information (either Authorizarion header or querypam), i have to make a workarround to make its possible, right?
No, in one policy it's not possible to configure both.
OK, thank-you.