Validate OAuth tokens from 3rd party service


Hi

I am trying to protect an API with OAuth where the OAuth token is generated and validated by a 3rd party. I have seen the docs link below that covers how to configure the OAuth policy to use an external provider:

http://docs.apigee.com/api-services/content/use-third-party-oauth-system

The question I have is how do I validate the token against my 3rd party OAuth provider? This thread states that I can call something like /oauth-delegated/generatetoken to set the token in my proxy then validate the token when the client makes a call.

https://community.apigee.com/questions/11099/external-oauth-token.html

This isn't really what I want. When the token comes in, I just want to take the token and make a call out to my OAuth server to validate it. I can create a new policy to do this, but is there a way to use the OAuthV2 policy to call out to the 3rd party service?

Thanks!

Accepted solution

Hi Anthony,

The ExternalAccessToken feature of the OAuthV2 policy allows you to store a 3rd party generated token with Apigee Edge as an OAuth token, so during validation the VerifyAccessToken operation of the same OAuthV2 policy allows the proxy to validate it as if it was generated by the same policy using GenerateAccessToken.

This allows you to perform the token validation and all the necessary APIProduct related permissions, like allowed quota, etc., by Edge.

If you simply want to proxy the token validation request to the external service provider, you would have to do that using the ServiceCallout policy.
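
The ServiceCallout route described in the answer above, sketched as an added example that is not part of the original posts. It assumes the external provider exposes an RFC 7662-style introspection endpoint that returns JSON with an `active` field; the policy names, the `ext.*` variables and the `idp.example.com` URL are placeholders.

```xml
<!-- Added example: policy names, variable names and the URL are assumptions. -->
<!-- 1. Pull the bearer token out of the incoming Authorization header. -->
<ExtractVariables name="EV-BearerToken">
  <Source>request</Source>
  <VariablePrefix>ext</VariablePrefix>
  <Header name="Authorization">
    <Pattern ignoreCase="true">Bearer {bearer_token}</Pattern>
  </Header>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</ExtractVariables>
<!-- 2. Send the token to the provider; a non-2xx reply or timeout faults the flow. -->
<ServiceCallout name="SC-Introspect" continueOnError="false">
  <Request variable="introspectRequest" clearPayload="true">
    <Set>
      <Verb>POST</Verb>
      <FormParams>
        <FormParam name="token">{ext.bearer_token}</FormParam>
      </FormParams>
    </Set>
  </Request>
  <Response>introspectResponse</Response>
  <Timeout>5000</Timeout>
  <HTTPTargetConnection>
    <URL>https://idp.example.com/oauth2/introspect</URL>
  </HTTPTargetConnection>
</ServiceCallout>
<!-- 3. Read the provider's verdict out of the JSON response. -->
<ExtractVariables name="EV-Introspection">
  <Source>introspectResponse</Source>
  <VariablePrefix>ext</VariablePrefix>
  <JSONPayload>
    <Variable name="active"><JSONPath>$.active</JSONPath></Variable>
  </JSONPayload>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</ExtractVariables>
<!-- 4. Rejection returned to the client. -->
<RaiseFault name="RF-InvalidToken">
  <FaultResponse>
    <Set><StatusCode>401</StatusCode><ReasonPhrase>Unauthorized</ReasonPhrase></Set>
  </FaultResponse>
</RaiseFault>
<!-- 5. Proxy endpoint PreFlow: fail closed when "active" is missing or not true. -->
<PreFlow name="PreFlow">
  <Request>
    <Step><Name>EV-BearerToken</Name></Step>
    <Step><Name>SC-Introspect</Name></Step>
    <Step><Name>EV-Introspection</Name></Step>
    <Step><Name>RF-InvalidToken</Name><Condition>(ext.active = null) or (ext.active != "true")</Condition></Step>
  </Request>
</PreFlow>
```

Introspection endpoints normally require the caller to authenticate, so a real callout would also set the credentials the provider expects. With this approach Edge holds no token record, so APIProduct checks and quota are not applied to the caller the way they are with VerifyAccessToken.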


Hi, thanks for the advice. So, just to be clear, the ServiceCallout would be completely separate from the OAuthV2 policy? So essentially I would need to create my OAuth policy?