Proxy endpoint is receiveing a token that is verified via oauthV2.OA-VerifyAccessToken policy. Which populates the client_id into the flow but not the client secret.
We have to make a subsequent call to another proxy (that uses basic auth) I was looking for a way to access the client secret to create the auth header for this call . For now I've placed it into the kvm, but wanted to know if there was a way to get it at run time from either the token or the client id.
Solved! Go to Solution.
Verify the client id with a verify api key policy and it will bring you the client secret.
Verify the client id with a verify api key policy and it will bring you the client secret.
Yes. This is the right way.
You may think:
well that means I call VerifyAccessToken then VerifyApiKey- won't it be slow?
Maybe, on the first call. On the first call the token and key are both unknown. a Token verification will load the cache for the token. A key verification will do the same for the key. Subsequent calls are fast (in memory).
So: don't worry about the performance at scale.
Nice explanation of the internals. Thanks @Dino-at-Google
Thanks Guys!
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |