We are using both Edge for external applications and MG for internal applications requiring access to APIs. However, the access token will be generated by the on-premise OAuth server (Ping) or by Okta, irrespective of where the call comes from (internal or external). So if the access token is generated by Okta, can it be validated with the public key at both the Edge and MG level to grant access to APIs? Are there other (more secure) options to validate and extract information from the access token? Assume we have two-way TLS enabled between Edge and MG.
Hi @SirishaPulivarthi, please add a few more details to your question.
I am only answering about Edge. I am not sure about Microgateway.
We have some docs on Okta & Apigee integration. Please have a look at:
https://github.com/apigee/apigee-okta
https://community.apigee.com/articles/28752/apigeeokta-integration-resource-owner-password-gra.html
This has been described. Search the archives. You will find the answers.
Yes, MG can validate JWT tokens issued by Okta/Ping. See this plugin. If the Okta/Ping JWT contains a claim which is also the Apigee API Key/client_id, then MG will also enforce API Product entitlements.