Hi, Is An. Not really sure what exactly you need help with. To test it you could protect your application with UMA first, then see whether it works as expected (according to UMA specs). Our paid oxd server product is [UMA-enabled](https://gluu.org/docs/oxd/protocol/#uma-authorization), so it's one option. There are other products and libraries adding support for UMA to your app/api too. That's not really directly related to Gluu itself, and we limit our support for 3rd-party software.

Thanks a lot. But i want to know after configuring resource server and resource party how do i test those to check its working properly. As a example You have given that in openid --> client Pasport Resource Server Client and Passport Requesting Party Client and set those uma authorization. I want to know how i test those. Thanks.

We have a page on UMA [here](https://gluu.org/docs/ce/3.0.2/admin-guide/uma/), it also have reference to the actual spec document. We don't have any showcases at the moment, so it's expected you'll get familiar with how protocol works, that will also give you idea of what needs to be tested. The test is actually pretty simple - it needs to prevent your access to protected resource unless you include token with required scopes attached to it in request. If it does, then it works. How to conduct this test is up to users, and is not covered by community support. Any way of intercepting and viewing HTTP requests and responses will do.