Apigee Edge to Apigee X migration: INVALID_ARGUME...

mxr576 · 09-27-2023 02:05 AM

Problem

Apigee Edge allowed uppercase characters in all part of an email address.

Moreover it handled email addresses case sensitively.

In contrast, Apigee X/Hybrid only allows lower cased email addresses, ALL parts the email address MUST BE lowercase.

Additionally, Drupal (devportal) also handles email addresses case insensitively. https://www.drupal.org/project/drupal/issues/2490294

According to RFC 5321 section 2.3.11.the local-part of an email address can be case-sensitive and it is up to the Domain to decide on this. So johndoe@example.com could be a different user than JohnDoe@example.com.

Questions

How to handle migrations from Apigee Edge to Apigee X when the Apigee Edge database contains email addresses with uppercase characters (in developer email addresses, company/team memberships, etc.). Transforming an email address to its lowercase equivalent could lead to conflict and security issues when a given mailbox provider supports case sensitive email addresses.
Are there any plans to support email addresses according to RFC 5321 section 2.3.11. in Apigee X/Hybrid?

mxr576

A previous unfinished attempt to mitigate this in the Drupal Apigee connector: https://github.com/apigee/apigee-edge-drupal/pull/756

shishir21

@mxr576
For Drupal, Re-opened the pull request and issue https://github.com/apigee/apigee-edge-drupal/issues/730

mxr576

Thanks @shishir21 , IMO this should not be solved on the Drupal level, the problem that this small architectural difference causes for customers who would like to migrate from Apigee Edge to Apigee X is bigger than the scope of the Drupal or any developer portal.

The Github issue only concerns a very specific problem in which case an IDP may eliminate identity stealing, if and only if, that is the only source of users on a developer portal and the only way to log in.

Apigee Edge to Apigee X migration: INVALID_ARGUMENT: email address has to be lowercase