user validation via api

I'm looking to validate access using basic authentication. I want to make sure users validate their credentials on their own. Is there a simple API call they can make using their own credentials? I'm using private cloud version 4.19. I'm using curl currently, but it seems it only works for admin accounts. Regular org users get a 401.

Thanks,


I'm looking to Validate access using basic authentication.

OK, no problem. I think what you're saying is, you want to build an API Proxy that performs credential validation. As you probably know, Apigee isn't a good system for storing credentials of users of APIs. Normally there's an external IdP (Identity Provider) that is built-to-purpose for validating credentials. The way Apigee can help is, Apigee can accept user credentials in a request, typically in an HTTP Header called "Authorization" which includes a Basic Authentication encoded set of credentials. That just means there's a username and a password, concatenated with a colon, and that whole thing is base64 encoded and preceded by the keyword "Basic". It looks like this:

Authorization: Basic xxxxxxxxx

...and that xxxxx is the base64-encoded blob. Apigee has a built-in policy that decodes the Basic Auth header and retrieves the username and password. Apigee can then use some other mechanism, like maybe a ServiceCallout policy, to communicate with an external IdP, send those credentials, and validate them. With the response from the IdP, the Apigee proxy can make a decision about what to do with the inbound request; if the credentials are valid, then... do something good. If the IdP responds that the credentials are invalid, then the proxy can send back a 401 Unauthorized to the requester.

I want to make sure users validate their credentials on their own.

I don't understand this. That's not how validation works. I'm sure I'm misunderstanding what you're thinking. But let's set a foundation of terms. The way credential validation works is: party1 presents credentials to a trusted party, let's call it party2. Party2 evaluates those credentials. If valid, then party2 issues a token or assertion that says something like "I, party2, assert that party1 has provided valid credentials to me." These days, a common authentication protocol is OpenID Connect, and that assertion is made in the form of a JWT ID Token, which has an issuer claim identifying the identity provider (what I've called "party2" in this discussion), the subject (what I've called party1), an issued-at time, an expiry time, and maybe some other stuff.

So users don't really validate their own credentials. Users present credentials to some other party to allow that party to validate the credentials.

Is there a simple api call they can make using their own credentials?

Yes? If you're using Apigee, then you can build an API Proxy that accepts user credentials. Check the resources for "password grant." Here's one. https://github.com/DinoChiesa/devjam3-20170405/tree/master/Resources/oauth2-pg

I'm using curl currently but it seems it only works for admin accounts. Regular org users get a 401.

Not clear what problem you're experiencing. You're using curl. To do what? Some examples would clarify. E.g., "I tried this specific request and saw this specific response. I had been expecting this other specific response."
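As an added example (not code from the thread or from Apigee itself), here is the proxy-side logic the reply describes in plain Python: decode the Basic Authorization header per RFC 7617, hand the credentials to a validator standing in for the external IdP ("party2"), and answer 401 with a challenge on anything malformed or rejected. The in-memory user table and `demo_idp_validate` are constructed stand-ins; a real proxy would call a purpose-built IdP instead.

```python
import base64
import binascii
import hmac

# Constructed stand-in for the external IdP. Do not store real credentials in a proxy.
_DEMO_USERS = {"alice": "s3cret:with:colons"}


def demo_idp_validate(username: str, password: str) -> bool:
    """Return True only if the credentials match; compare in constant time."""
    expected = _DEMO_USERS.get(username)
    if expected is None:
        # Run a comparison anyway so timing does not reveal which usernames exist.
        hmac.compare_digest(password.encode(), password.encode())
        return False
    return hmac.compare_digest(expected.encode(), password.encode())


def parse_basic_auth(header_value):
    """Decode 'Basic <base64(user:pass)>'. Returns (user, password) or None if malformed."""
    if header_value is None:
        return None
    parts = header_value.strip().split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "basic":
        return None  # missing blob or a different scheme (e.g. Bearer)
    try:
        raw = base64.b64decode(parts[1], validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None  # not valid base64, or not valid UTF-8 after decoding
    # RFC 7617: the user-id may not contain a colon, so split on the FIRST colon;
    # this keeps passwords that themselves contain colons intact.
    username, sep, password = raw.partition(":")
    if not sep or not username:
        return None
    return username, password


def make_basic_header(username: str, password: str) -> str:
    """Build the header value a client would send (used here to construct test input)."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()


def authorize(headers, validate=demo_idp_validate):
    """Proxy decision: (200, headers) on valid credentials, else (401, challenge)."""
    creds = parse_basic_auth(headers.get("Authorization"))
    if creds is None or not validate(*creds):
        return 401, {"WWW-Authenticate": 'Basic realm="api"'}
    return 200, {"X-Authenticated-User": creds[0]}


if __name__ == "__main__":
    print(authorize({"Authorization": make_basic_header("alice", "s3cret:with:colons")}))
    print(authorize({"Authorization": make_basic_header("alice", "wrong")}))
```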