Question by Michael Malloy · Sep 08, 2014 at 11:19 PM · 775 Views oauth

Apigee doesn't seem to support the OAuth 2 specification, is there a reason why?

This question was originally asked in Stack Overflow here. The text of the question and a summary of the answer are below.

We're making requests for bearer tokens using client_credentials OAuth 2 grant flow with Apigee. According to the spec:

4.4.2.  Access Token Request

   The client makes a request to the token endpoint by adding the
   following parameters using the "application/x-www-form-urlencoded"
   format per Appendix B with a character encoding of UTF-8 in the HTTP
   request entity-body:

   grant_type
         REQUIRED.  Value MUST be set to "client_credentials".

If we make a call however we get an error like this:

{"ErrorCode" : "invalid_request", "Error" :"Required param : grant_type"}

It seems that using Apigee we have to send grant_type as a query parameter.

Why is this? We have clients of Apigee that are unable to use OAuth libraries in their language of choice because of the way that Apigee deals with OAuth 2, and it would be good to know if this is by design or not.

In addition it doesn't seem like it supports grant_type in the post body and sending id and key using basic auth.


1 Answer

Best Answer

Answer by Michael Malloy   · Sep 08, 2014 at 11:19 PM

Turns out you do not need to send in grant_type as a query parameter. There is a <GrantType> element in your GenerateAccessToken policy that takes in a variable. For instance, I can use the following:

<OAuthV2 name="GenerateAccessToken">
  <DisplayName>GenerateAccessToken</DisplayName>
  <FaultRules/>
  <Properties/>
  <!-- This policy generates an OAuth 2.0 access token using the password grant type -->
  <Operation>GenerateAccessToken</Operation>
  <!-- This is in milliseconds -->
  <ExpiresIn>1800000</ExpiresIn>
  <Attributes/>
  <SupportedGrantTypes>
    <GrantType>password</GrantType>
  </SupportedGrantTypes>
  <GenerateResponse enabled="false">
   <Format>FORM_PARAM</Format>
  </GenerateResponse>
  <GrantType>user.grant_type</GrantType>
  <UserName>request.header.username</UserName>
  <PassWord>request.header.password</PassWord>
</OAuthV2> 

In this example, the grant_type is passed in as user.grant_type. But user.grant_type can be anything-- header, query param, form param, or even a hard-coded value. This way, you (the developer) are provided maximum flexibility on how you want to send in the grant_type.

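An added example (not from the original post and not Apigee code) of the request shape the question quotes from RFC 6749 section 4.4.2, with grant_type in the form body and the id and key in a Basic header, plus a check for where a given request actually carries grant_type. The function names are hypothetical, and any URL or credentials passed in are the caller's own sample values.

```python
import base64
from urllib.parse import parse_qs, quote_plus, urlencode, urlsplit

FORM = "application/x-www-form-urlencoded"


def build_token_request(token_url, client_id, client_secret):
    """Build a client_credentials token request as RFC 6749 sec. 4.4.2 describes it."""
    # Sec. 2.3.1: id and secret are form-urlencoded, joined with ':', then base64-encoded.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": FORM,
    }
    # grant_type travels in the entity-body, not in the URL.
    body = urlencode({"grant_type": "client_credentials"})
    return "POST", token_url, headers, body


def locate_grant_type(url, headers, body):
    """Return every place the request carries grant_type: 'query', 'form', or both."""
    found = []
    if "grant_type" in parse_qs(urlsplit(url).query):
        found.append("query")
    # Header names are looked up exactly as written here (a plain dict).
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if ctype == FORM and "grant_type" in parse_qs(body):
        found.append("form")
    return found


def is_spec_shaped(url, headers, body):
    """True only if grant_type is in the form body alone and auth is HTTP Basic."""
    return (locate_grant_type(url, headers, body) == ["form"]
            and headers.get("Authorization", "").startswith("Basic "))
```

A standard OAuth client library produces the first shape; `locate_grant_type` returning `["query"]` identifies a client that was adapted to the query-parameter behaviour described in the question.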
