Hi
I am trying to protect an API with OAuth where the OAuth token is generated and validated by a 3rd party. I have seen the docs link below that covers how to configure the OAuth policy to use an external provider:
http://docs.apigee.com/api-services/content/use-third-party-oauth-system
The question I have is how do I validate the token against my 3rd party OAuth provider? This thread states that I can call something like /oauth-delegated/generatetoken to set the token in my proxy then validate the token when the client makes a call.
https://community.apigee.com/questions/11099/external-oauth-token.html
This isn't really what I want. When the token comes in, I just want to take the token and make a call out to my OAuth server to validate it. I can create a new policy to do this, but is there a way to use the OAuthV2 policy to call out to the 3rd party service?
Thanks!
Hi Anthony,
The ExternalAccessToken feature of the OAuthV2 policy allows you to store a 3rd party generated token with Apigee Edge as an OAuth token, so during validation the VerifyAccessToken operation of the same OAuthV2 policy allows the proxy to validate it as if it was generated by the same policy using GenerateAccessToken.
This allows you to perform the token validation and all the necessary APIProduct related permissions, like allowed quota, etc., by Edge.
If you simply want to proxy the token validation request to the external service provider, you would have to do that using the ServiceCallout policy.
Hi, thanks for the advice. So just to be clear, the ServiceCallout would be completely separate from the OAuthV2 policy? So essentially I would need to create my OAuth policy?
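The per-request validation via ServiceCallout discussed in this thread could be wired up as follows. This is an added example, not configuration from the original posts or from Apigee's documentation. It assumes the 3rd party provider exposes an RFC 7662 token introspection endpoint that needs no extra client credentials; the policy names, variable names and the `idp.example.com` URL are hypothetical.

```xml
<!-- Added example: policy names, variable names and the URL are hypothetical. -->
<!-- 1. Pull the bearer token out of the Authorization header -->
<ExtractVariables name="EV-BearerToken">
  <Source>request</Source>
  <Header name="Authorization">
    <Pattern ignoreCase="true">Bearer {presented_token}</Pattern>
  </Header>
</ExtractVariables>
<!-- 2. Ask the provider whether the token is valid (assumed RFC 7662 endpoint) -->
<ServiceCallout name="SC-Introspect">
  <Request variable="introspectRequest">
    <Set>
      <Verb>POST</Verb>
      <FormParams>
        <FormParam name="token">{presented_token}</FormParam>
      </FormParams>
    </Set>
  </Request>
  <Response>introspectResponse</Response>
  <HTTPTargetConnection>
    <URL>https://idp.example.com/oauth2/introspect</URL>
  </HTTPTargetConnection>
</ServiceCallout>
<!-- 3. Read the "active" member of the provider's JSON reply -->
<ExtractVariables name="EV-IntrospectResult">
  <Source>introspectResponse</Source>
  <VariablePrefix>introspect</VariablePrefix>
  <JSONPayload>
    <Variable name="active"><JSONPath>$.active</JSONPath></Variable>
  </JSONPayload>
</ExtractVariables>
<!-- 4. Fault returned when the provider did not report the token as active -->
<RaiseFault name="RF-InvalidToken">
  <FaultResponse>
    <Set>
      <StatusCode>401</StatusCode>
      <ReasonPhrase>Unauthorized</ReasonPhrase>
    </Set>
  </FaultResponse>
</RaiseFault>
<!-- Steps for the request side of the proxy endpoint PreFlow, in this order -->
<Step><Name>EV-BearerToken</Name></Step>
<Step><Name>SC-Introspect</Name></Step>
<Step><Name>EV-IntrospectResult</Name></Step>
<Step>
  <Name>RF-InvalidToken</Name>
  <Condition>(introspect.active = null) or (introspect.active != "true")</Condition>
</Step>
```

The condition rejects the request when `active` is missing as well as when it is false, so a malformed or empty introspection reply does not let a call through. Unlike the ExternalAccessToken route, this flow does not give Edge a stored token to tie to an APIProduct.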