How to use API Product OAuth scopes with Edge Micro?

I have defined 2 scopes for my API product (itself sitting on a single API proxy). I can get an Access-Token using the documented call equivalent to the ./edgemicro token get command-line operation:

curl -i -X POST "http://<org>-<env>.apigee.net/edgemicro-auth/token" -d '{"grant_type": "client_credentials", "client_id": "xxx", "client_secret": "yyy"}' -H "Content-Type: application/json"

Trying to use that same JSON-based EdgeMicro API to get a scope-restricted access-token does not work (no scope restriction happens):

$ curl -i -X POST "http://<org>-<env>.apigee.net/edgemicro-auth/token" -d '{"grant_type": "client_credentials", "client_id": "xxx", "client_secret": "yyy", "scope": "urn:company:api:ems:send_email"}' -H "Content-Type: application/json"

Using the standard Edge API (using form data) is rejected, possibly because EdgeMicro API proxies are not reachable via Edge APIs.

request:
[...]
    uri: 'http://hpcorp-cwp-dev.apigee.net/auth/token',
    auth: {
        user: client_id,
        pass: client_secret,
        sendImmediately: true
    },
    form: {
        grant_type: "client_credentials",
        scope: "urn:hp:api:ems:send_email"
    }
[...]
  body: '{"fault":{"faultstring":"Unable to identify proxy for host: default and url: \\/auth\\/token","detail":{"errorcode":"messaging.adaptors.http.configuration.ApplicationNotFound"}}}' }

So: how to make use of OAuth scopes with EdgeMicro? Do I need to define scope-restricted Developer Applications using http://docs.apigee.com/management/apis/post/organizations/%7Borg_name%7D/developers/%7Bdeveloper_ema... API?

4 REPLIES

Hello @Francois-Xavier KOWALSKI

The above API calls should work - the error you are receiving shows that the proxy is not deployed.

Can you check this URL - "http://hpcorp-cwp-dev.apigee.net/auth/token",

this should be

"http://hpcorp-cwp-dev.apigee.net/edgemicro-auth/token", right?

Thanks,

Right, thank you. Note that the token request JSON payload supports the "scope:[]" property to ask for specific scopes (within the ones already granted to the calling Developer Application), but that property is not documented. Can we assume it will remain as-is?

Thanks @Francois-Xavier KOWALSKI, this is a standard OAuth API and it will accept scopes. We need to document this here - @Floyd Jones FYI

Has this documentation happened? We can't see anything related to how edgemicro enforces that access is restricted to the scopes authorized during the process of getting the access_token.
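
An added example, not part of the thread and not Apigee's code: a client-side diagnostic for the "no scope restriction happens" symptom, comparing the scopes a returned token carries with the scopes that were requested. It assumes the access token is a JWT whose payload lists granted scopes as a `scopes` array or a space-delimited `scope` string; those claim names, the function names, the second scope and the sample tokens are assumptions or constructed, and the payload is decoded without signature verification, so this is a check on what was issued, not an authorization decision.

```javascript
// Added example: is an access token limited to the scopes that were requested?
// Assumption: the token is a JWT carrying granted scopes in a `scopes` array or a
// space-delimited `scope` string (claim names are not confirmed by the thread).

// Decode the JWT payload WITHOUT verifying the signature (diagnostic use only).
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Normalise the scope claim into a sorted, de-duplicated array.
function grantedScopes(payload) {
  const raw = payload.scopes !== undefined ? payload.scopes : payload.scope;
  if (raw === undefined || raw === null) return [];
  const list = Array.isArray(raw) ? raw : String(raw).split(/\s+/);
  return [...new Set(list.filter(Boolean))].sort();
}

// Compare what was requested with what the token actually carries.
function checkScopeRestriction(token, requested) {
  const granted = grantedScopes(decodeJwtPayload(token));
  const want = new Set(requested);
  const missing = requested.filter((s) => !granted.includes(s));
  const extra = granted.filter((s) => !want.has(s));
  return { granted, missing, extra, restricted: missing.length === 0 && extra.length === 0 };
}

// Constructed sample tokens with a placeholder signature, for offline use only.
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.c2ln`;
}
const SEND = 'urn:company:api:ems:send_email';
const READ = 'urn:company:api:ems:read_status'; // hypothetical second scope
const unrestricted = makeSampleToken({ client_id: 'xxx', scopes: [SEND, READ] });
const restricted = makeSampleToken({ client_id: 'xxx', scope: SEND });

console.log(checkScopeRestriction(unrestricted, [SEND])); // extra: [READ], restricted: false
console.log(checkScopeRestriction(restricted, [SEND]));   // restricted: true
```

A non-empty `extra` list means the token carries more than was asked for, which is the case the original question describes.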