Support for OAuth2 Resource Owner Password Credentials grant type


Hi, I'm evaluating Apigee and am having trouble finding documentation on how it supports the OAuth2 Resource Owner Password Credentials grant type. Can you please point me to documentation explaining how to configure support for this?

Also, once an access token has been generated using this grant type, when it's used for subsequent API requests, where/how would I configure how the user name is communicated back to the target endpoint?

thanks,

Chris


There is a topic in the documentation that offers a general description of the OAuth 2.0 client credentials grant type and discusses how to implement this flow on Apigee Edge. It also includes some code samples:

http://apigee.com/docs/api-services/content/oauth-20-client-credentials-grant-type

Hope this will help to make progress in finding the answer.

@fjones is there a better resource that you could point Chris to?


Hi Chris,

Please also check out this new topic on the password grant type:

http://apigee.com/docs/api-services/content/implementing-password-grant-type

It describes the steps of the grant type flow from the client app to Apigee Edge, shows how to request an access token, discusses policy configuration, includes a flow diagram and other details, and has a link to the Apigee Learn course "Create and Manage APIs," which features an OAuth section and an entire lesson on the password grant type.

Let us know if this helps.

Thanks much, that's just what I was looking for, not sure how I missed it yesterday.

The 2nd part of my question was how the username gets communicated back to the target APIs once the access token has been generated. Is that accomplished by 1) storing the username as an additional field in the access token metadata, and 2) extracting it and attaching to the backend API request in the policies for protected APIs?

thx,

Chris

Yes, you can store custom data in your token and extract it on each request, then attach it to the request flow to the backend target using the AssignMessage policy. You could also use a JavaScript policy to do something similar. Also, maybe check out this topic on persistence. Let me know if this helps with your question. BTW, you didn't miss that topic on password -- we've been rewriting our OAuth docs and that one apparently slipped through the cracks--so I pushed it to the doc server after you asked about it. 🙂

Great, thanks much.
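The approach described in the last answer (a custom attribute on the token, read back after verification and attached with AssignMessage), sketched as Apigee Edge policy XML. This is an added example, not configuration posted in the thread; the policy names, the attribute name `username` and the header name `X-Authenticated-User` are assumptions, and it assumes an earlier step in the token flow has already validated the user's credentials against your identity provider.

```xml
<!-- Token endpoint proxy: policy file OA-GenerateAccessToken.xml (name is an assumption) -->
<OAuthV2 name="OA-GenerateAccessToken">
  <Operation>GenerateAccessToken</Operation>
  <ExpiresIn>1800000</ExpiresIn> <!-- milliseconds; constructed sample value -->
  <SupportedGrantTypes>
    <GrantType>password</GrantType>
  </SupportedGrantTypes>
  <GrantType>request.formparam.grant_type</GrantType>
  <UserName>request.formparam.username</UserName>
  <PassWord>request.formparam.password</PassWord>
  <Attributes>
    <!-- Store the user name with the token; display="false" keeps it out of the
         token response returned to the client app -->
    <Attribute name="username" ref="request.formparam.username" display="false"/>
  </Attributes>
  <GenerateResponse enabled="true"/>
</OAuthV2>

<!-- Protected API proxy, request flow, step 1: OA-VerifyAccessToken.xml -->
<OAuthV2 name="OA-VerifyAccessToken">
  <Operation>VerifyAccessToken</Operation>
</OAuthV2>

<!-- Protected API proxy, request flow, step 2: AM-SetUserHeader.xml.
     After verification the custom attribute is exposed as the flow variable
     accesstoken.username. Set overwrites any X-Authenticated-User header the
     caller sent, so the backend only ever sees the value bound to the token. -->
<AssignMessage name="AM-SetUserHeader">
  <Set>
    <Headers>
      <Header name="X-Authenticated-User">{accesstoken.username}</Header>
    </Headers>
  </Set>
  <!-- Fail the request rather than forward an empty identity if the attribute is missing -->
  <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
  <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>
```

The backend should trust this header only on connections that come from the gateway, since any client that can reach the target directly can set it.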