Is it good practice to use Apigee SaaS as the OAuth provider when using the Password grant type?
The reason for this question is that we are sending the uid and password to the cloud application.
The OAuth policy requires those details, even after validating the client app's credentials (key/secret).
Our design team is fine with sending the uid/password to an Apigee OAuth provider that is on premise, but not to Apigee SaaS.
In such cases, when moving to the cloud with Apigee, we have an on-premise OAuth provider which validates the password grant information and generates the access_token that is used to invoke proxies in Apigee SaaS.
This being a JWT, Apigee SaaS validates the token, validates the required roles information and invokes the backend, else throws an error.
In such cases Apigee SaaS can only act as a Resource Server. Do we have any alternative for such a scenario to still use Apigee SaaS as the OAuth provider for the Password grant, and what would be solid pointers to still have Apigee SaaS as the OAuth provider for the Password grant?
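To make the flow in the question concrete, here is an added example (not code from the poster, and not an Apigee policy) that models both halves in plain Python with no third-party libraries: an on-premise OAuth provider that handles the password grant and issues a signed JWT carrying the user's roles, and a resource server that does what Apigee SaaS would do with a VerifyJWT-style check: verify signature, issuer, audience and expiry, then enforce the required role before the backend is invoked. The client registry, user table, shared HS256 secret, issuer and audience values are all constructed for the example; a real deployment would use an asymmetric key so the SaaS side holds only the public key.

```python
"""Added example: password grant on an on-premise OAuth provider, JWT
validation plus role check on the resource server (the Apigee SaaS role).
HS256 with a shared secret is used only to keep the example self-contained;
every registry, secret and URL below is constructed for illustration."""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-shared-secret-for-example"   # assumption: shared HS256 key
ISSUER = "https://onprem-oauth.example"              # assumption: on-prem provider
AUDIENCE = "apigee-saas-proxies"                      # assumption: SaaS proxy audience

# Constructed registries: client key/secret, and uid -> (password hash, roles).
CLIENTS = {"app-key-1": "app-secret-1"}
USERS = {
    "alice": (hashlib.sha256(b"s3cret").hexdigest(), ["reader", "admin"]),
    "bob": (hashlib.sha256(b"hunter2").hexdigest(), ["reader"]),
}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def encode_segment(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def decode_segment(s: str) -> dict:
    return json.loads(b64url_decode(s))


def issue_token_password_grant(client_id, client_secret, username, password, now=None, ttl=300):
    """On-premise OAuth provider: validate client and resource owner, return a JWT or None."""
    now = int(time.time()) if now is None else now
    if not hmac.compare_digest(CLIENTS.get(client_id, ""), client_secret):
        return None  # client key/secret check, as the question's OAuth policy does first
    rec = USERS.get(username)
    if rec is None or not hmac.compare_digest(rec[0], hashlib.sha256(password.encode()).hexdigest()):
        return None  # uid/password never leaves the on-premise provider
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "aud": AUDIENCE, "sub": username,
              "roles": rec[1], "iat": now, "exp": now + ttl}
    signing_input = encode_segment(header) + "." + encode_segment(claims)
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def resource_server_check(token, required_role, now=None):
    """Resource server (Apigee SaaS role): returns (allowed, reason)."""
    now = int(time.time()) if now is None else now
    try:
        h_b64, c_b64, s_b64 = token.split(".")
        header, claims, sig = decode_segment(h_b64), decode_segment(c_b64), b64url_decode(s_b64)
    except Exception:
        return False, "malformed token"
    if header.get("alg") != "HS256":  # pin the algorithm: no "none", no alg swapping
        return False, "unsupported alg"
    expected = hmac.new(SECRET, f"{h_b64}.{c_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    if claims.get("iss") != ISSUER:
        return False, "wrong issuer"
    if claims.get("aud") != AUDIENCE:
        return False, "wrong audience"
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return False, "expired"
    if required_role not in claims.get("roles", []):
        return False, "missing role"
    return True, "ok"
```

The order of checks matters: signature first, so an attacker who edits the roles claim of a valid token (or drops the signature with alg=none) is rejected before any claim is trusted; only then are issuer, audience, expiry and the role enforced.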
If the access_token is a JWT, you can design your flow so that