We have a bunch of APIs protected by Keycloak (OAuth2/OpenID Connect server) that ultimately we'd like to expose to developers and eventually monetize. Our Keycloak installation is fairly heavily customized and so we'd like to continue using that for developer and end-user authentication / management.
Is it possible for developers to register the apps as clients from our Keycloak installation (rather than Apigee OAuth infrastructure) and then use Apigee proxies so that we can collect analytics and potentially use the monetization features, including developer and app aware metrics/enforcement?
The docs show a couple of ways of integrating third-party OAuth but with so many ways of using OAuth it's not clear whether the scenario we have would be supported. Additionally the Apigee setup is clearly very flexible but as a consequence of that it's difficult to be sure that any proof of concept has been set up correctly or debug where things are misconfigured!
Any help to confirm/deny this is possible and maybe help me get a POC going would be much appreciated. I believe @Floyd Jones had some thoughts...
Hi @Rob Oxspring, this doc provides the info on integrating external OAuth.
In short,
I came across a sample PoC some time back, but not sure if it is still working.
If you want to leverage developer and app aware metrics/enforcement etc., we need to use the client_id (Apigee) while making calls to API Proxy.
I hope this helps.
Thanks for posting here, @Rob Oxspring. Following is my original answer with a couple of clarifications:
But I'm hoping somebody can double-check me on the feasibility of #3.