Proxy calls to edgemicro-auth/token endpoint within a microgateway instance

We have an Edge Microgateway with the Apigee OAuth plugin protecting our custom plugin.

As you know, this requires making a pre-request to the Edge edgemicro-auth proxy to acquire a JWT which is submitted to subsequent requests to our Microgateway instance (where it is validated by the OAuth plugin).

However, we would like to make calls to an endpoint exposed by our Microgateway which would in turn proxy a call to the edgemicro-auth token endpoint, returning a JWT. E.g.

curl -X POST \
  https://my-microgateway/auth/token \
  -d '{
    "grant_type": "client_credentials",
    "client_id": "***************",
    "client_secret": "*****************"
  }'

I have considered applying a custom plugin (e.g. get-token) prior to the -oauth plugin but am unsure how to isolate this plugin's request/response from the subsequent plugins in the sequence, or if this is even the correct approach.

Any help or suggestions as to how this might be best achieved would be much appreciated.

Michael McD.


Former Community Member
Not applicable
@michaelmcdowell

At the moment, plugins are applied for every proxy. So this custom plugin (which will be sequenced before the oauth plugin) will require logic to only apply when a user is asking for a token.

Another option is to have a MG that only exposes the token endpoint (it is possible for MG to expose only specific proxies). This way you'll have an endpoint available internally.

Lastly, it is on our roadmap to allow applying plugins for individual proxies.

Having gone for the 1st option, i.e. creating a plugin that only applies when the user is asking for a token, do you know how I prevent the oauth plugin from firing? If I don't call next(), the microgateway hangs, and if I do, the oauth plugin fails to authenticate the request.

Former Community Member
Not applicable

Now that I think more about it, you can't stop the oauth plugin from executing if you call next(). Option 1 may not work after all.

Not applicable

Hi Michael, We have a similar use case within our applications as well. I was just interested to know how you solved this issue?