If you want Access Gateway to validate a token before granting access to a protected resource, you must enable OAuth for that protected resource.
Perform the following steps to enable OAuth in Access Gateway:
Click Devices > Access Gateway > Edit > [Reverse Proxy name] > [Proxy Service name].
Select the Protected Resources tab.
Click the protected resource for which you want to enable OAuth.
Select Validate OAuth Token.
Click OK.