Hopefully the question is clear:
edgemicro bearer token uses non standard oauth token. Is there a future with standard oauth bearer token authentication built in?
specifically the OAUTH flow outlined here:
https://tools.ietf.org/html/rfc6749#section-4.3
in sections 4.3 and 4.4.
I believe this statement:
edgemicro bearer token uses non standard oauth token.
...is not correct. Edge Micro uses a Bearer token. RFC6750 defines the term "bearer token" and describes its use. RFC6750 does not describe the structure of a bearer token. There is nothing about any token that can be described as "non standard". Edge micro uses a bearer token in a valid way.
You may be referring not to the token, but to the way in which the token has been acquired. In fact, there is a client_credentials flow that happens, to get the token. But this is wrapped in the CLI. The description of how to get the token is here:
http://docs.apigee.com/api-services/content/edge-microgateway-tutorial
Does this answer your question?
@prabhat may wish to comment further.
@Dino Thanks for the reply:
The link to the doc doesnt help me at all. I know how to make the edgemicro implementation of the bearer token work.
I think i need to spend some time thinking about how to ask the question im trying to ask more precisely.
Whats really going on is that I am trying to figure out if there is a way to have edge minted OAuthV2 access tokens - which can contain useful attributes - be authenticated in edgemicro. I suspect that this is not something that can be done right now for a number of reasons - but i need to poke around a bit before doing anything.
That's an interesting scenario. I think what you want is attributes. The key thing is attributes, not "minted OAuthv2 access tokens". Right?
BTW, today when Edge creates OAuthV2 access tokens , they are always "opaque". They're just strings that are used to lookup information at Edge. A JWT is also an access token, just an access token of a different type. Just as custom attributes can be associated with an opaque access token, custom claims (or if you like, call them custom attributes) can be inserted into a JWT.
In the future you should expect Edge to be able to natively Create and Verify JWT, which means you will have your choice of two types of "Edge-minted OAuth2 tokens": opaque and JWT.
@prabhat may wish to comment on this.
and i THINK the correct way of expressing the problem that im trying to solve is to figure out if there is now, or will be a way in the future to perform some function similar to the Verify Access Token feature on EdgeMicro. This would open up a world of goodness.
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |