Apigee Edge OAuth implicit grant type

Looking through the docs, it appears as if Edge supports client credentials, authorization code, and password grant types. Does Edge also support implicit grant type? If so, where is it documented?

Solved Solved
0 4 2,655
1 ACCEPTED SOLUTION

Check here for implicit grant specific policy configuration: http://apigee.com/docs/api-services/content/asking-tokens#requestinganaccesstokenimplicitgranttype

For general oauth policy reference: http://apigee.com/docs/api-services/content/oauthv2-policy. The thing is that Apigee has a single policy to generate access token for ALL grant types. You configure "behaviour" of this policy by specifying grant types you want in various attributes. Search for "implicit" on this page to see its uses.

View solution in original post

4 REPLIES 4

Check here for implicit grant specific policy configuration: http://apigee.com/docs/api-services/content/asking-tokens#requestinganaccesstokenimplicitgranttype

For general oauth policy reference: http://apigee.com/docs/api-services/content/oauthv2-policy. The thing is that Apigee has a single policy to generate access token for ALL grant types. You configure "behaviour" of this policy by specifying grant types you want in various attributes. Search for "implicit" on this page to see its uses.

This is the minimum you need for the proxy definition:

<OAuthV2 name="GenerateAccessTokenImplicit">
    <Operation>GenerateAccessTokenImplicitGrant</Operation>
    <GenerateResponse enabled="true"/>
</OAuthV2

Hi,

I implemented Implicit grant same way, but is is generating access token only in Apigee Edge Trace, not in console using curl command:

curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' 'https://org_name-test.apigee.net/oauth/implicit?response_type=token&client_id=xxxxxxxx&redirect_uri=http://callback-example.com' -H 'Content-Length: 0'

I have:

<OAuthV2 name="GenerateAccessTokenImplicit">
    <Operation>GenerateAccessTokenImplicitGrant</Operation>
    <GenerateResponse enabled="true"/>
</OAuthV2

Is there a way to see the token value in console when i call from my command line?

hi @Kumud Gautam,

What is the response you get? Try using the '-v' parameter for curl and you should see the full 302 redirect response, along with token fragment.