How to set up API proxy with an external OAuth 1.0a?

Hi,

I am trying to set up an API proxy that would act as a middle-man between mobile apps and an existing backend server which implements OAuth1.0a.

I was wondering what is the best approach in this situation? Should I just consider the Apigee proxy a simple pass-through in the authentication process? Or shall I set up OAuth in my Apigee proxy too?

I saw some quite useful tutorials but they were only for OAuth2.0.

I'd be grateful if someone pushed me in the right direction...

Cheers,

Jo

4 REPLIES

With OAuth 1.0a it's not that straightforward - I am assuming your mobile apps today use OAuth 1.0a as well.

The main problem is that the signature string includes the hostname as part of it, so your mobile app's generated signature will have the hostname of the Apigee endpoint, while your existing backend might have a different hostname.

One way to easily implement this is if there is a way for your backend to accept signatures with Apigee's endpoint hostname,

or Apigee could add x-forwarded-host with the original host header sent by the client - and if your backend can choose to accept x-forwarded-host for signature verification.

Let me know if you have any other questions.
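The hostname problem described in the reply above, shown as an added example that is not part of the original reply or of Apigee's code: it builds the RFC 5849 HMAC-SHA1 signature base string and shows a backend check failing on its own Host header and passing once it uses x-forwarded-host. The hostnames, keys, secrets and the `backend_verify` helper are constructed assumptions, and the request path is assumed to be the same on both sides of the proxy.

```python
import base64, hashlib, hmac
from urllib.parse import quote, urlsplit, parse_qsl

def pct(s):
    # RFC 5849 section 3.6: only unreserved characters stay unescaped
    return quote(str(s), safe="-._~")

def base_string(method, url, params):
    """Signature base string per RFC 5849 section 3.4.1."""
    u = urlsplit(url)
    host = u.hostname.lower()
    default = {"http": 80, "https": 443}[u.scheme.lower()]
    if u.port and u.port != default:
        host += f":{u.port}"
    base_uri = f"{u.scheme.lower()}://{host}{u.path or '/'}"
    pairs = list(params.items()) + parse_qsl(u.query, keep_blank_values=True)
    norm = "&".join(f"{k}={v}" for k, v in sorted((pct(k), pct(v)) for k, v in pairs))
    return "&".join([method.upper(), pct(base_uri), pct(norm)])

def sign(method, url, params, consumer_secret, token_secret):
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def backend_verify(method, scheme, path, headers, params, signature, secrets):
    """Hypothetical backend check that prefers X-Forwarded-Host when present."""
    host = headers.get("X-Forwarded-Host") or headers["Host"]
    expected = sign(method, f"{scheme}://{host}{path}", params, *secrets)
    return hmac.compare_digest(expected, signature)

# Constructed sample values (not real credentials or hosts)
SECRETS = ("consumer-secret-example", "token-secret-example")
PARAMS = {
    "oauth_consumer_key": "ck-example",
    "oauth_token": "tok-example",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1700000000",
    "oauth_nonce": "n0nce",
    "oauth_version": "1.0",
}
# The client signs against the proxy hostname it actually called
CLIENT_SIG = sign("GET", "https://proxy.example.com/v1/items", PARAMS, *SECRETS)

def demo():
    # The proxy forwards to the backend, which sees its own Host header
    plain = {"Host": "backend.internal.example"}
    forwarded = {**plain, "X-Forwarded-Host": "proxy.example.com"}
    args = ("GET", "https", "/v1/items")
    return (backend_verify(*args, plain, PARAMS, CLIENT_SIG, SECRETS),
            backend_verify(*args, forwarded, PARAMS, CLIENT_SIG, SECRETS))
```

`demo()` returns `(False, True)`. A backend that honours x-forwarded-host this way should accept the header only on connections coming from the proxy.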

Hi @Mukundha Madhavan, my mobile app does not generate the signature but passes all the tokens (consumer key and secret, OAuth token and secret) that are required. My proxy is supposed to handle the rest, like generating the whole Authorization header and sending it to the back end with every incoming resource request. Could you please help me out? That would be very helpful.

Thanks,

Archana

Please ask new questions using the "ASK A QUESTION" button. Do not post new questions as comments to old answers.

Dear @Joanna Zolopa, I wrote a tutorial for OAuth 1.0a with an API Proxy example a while ago. Give it a try and let me know your thoughts. Hope it helps!