We have an existing microservice. It takes a caller identifier as an input for reporting purposes. We are writing an API to expose this service to all. We are using OAuth 2.0 so that clients can use a self-service mechanism and do not actually need the core microservice owner for on-boarding. That said, our microservice provider needs to keep track of who has called its APIs, so it needs that client identifier to be passed to the microservice.
I am looking for options to find out how I can implement it. My rough idea is this:
The client would register to get its API key, use the API key to get an OAuth token, then use the OAuth token to make the actual API call. There is a policy (or more) applied which would retrieve the client ID or name and append it as a query parameter while making the backend call.
I am not sure what tools I need to use.
Answer by Virgo · Aug 24, 2016 at 12:08 AM
What I have used is
Proxy Pre-Flow: "Get OAuth v2.0" Policy to set certain variables.
Then used "Assign Message" policy to set query parameter using those variables. One of the variables is "apigee.developer.app.name", which provides the relevant app name. I passed this app name to the back end.
Here is the Get OAuth 2.0 policy:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- enabled must be "true"; with enabled="false" the policy is skipped even when attached to a flow -->
<GetOAuthV2Info async="false" continueOnError="false" enabled="true" name="Get-OAuth-v20-Info-1">
    <DisplayName>Get OAuth v2.0 Info-1</DisplayName>
    <AccessToken ref="apigee.access_token"/>
</GetOAuthV2Info>
Here is the AssignMessage policy:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- enabled must be "true" here as well, otherwise the query parameter is never added -->
<AssignMessage async="false" continueOnError="false" enabled="true" name="AssignMessage-SetVariable">
    <DisplayName>AssignMessage-SetVariable</DisplayName>
    <Properties/>
    <Add>
        <Headers/>
        <QueryParams>
            <QueryParam name="myQueryVar">{apigee.developer.app.name}</QueryParam>
        </QueryParams>
        <FormParams/>
    </Add>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>
Answer by davissean · Aug 22, 2016 at 04:53 PM
Hi Ashwani,
If you are using OAuth 2, then you can already identify the client from the access token.
When you use the OAuthV2 policy, some context variables are populated. If I remember correctly, you have developer.app.name or client_id (You can check these in the Trace view). Either of these can be used to identify your client, and set the query parameter as you suggested.
1) Verify Access Token using OAuthV2 Policy
2) Set query parameter using AssignMessage policy:
<AssignMessage name="AssignMessage">
    <AssignTo createNew="false" type="request">myRequest</AssignTo>
    <Set>
        <QueryParams>
            <QueryParam name="clientId">{client_id}</QueryParam>
        </QueryParams>
        <Verb>GET</Verb>
    </Set>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
</AssignMessage>
How does that sound?
If you aren't using OAuth2, only then do you need to add API Keys.
Need API KEY/Client Credentials to retrieve OAuth token.
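An added example, not part of either answer above: since the backend uses this parameter for reporting, it should only ever see the value derived from the verified token, so this sketch removes any clientId the caller sent before writing the verified one. The policy names and bundle file names are assumptions; clientId and {client_id} are taken from the second answer.

```xml
<!-- policies/OA-VerifyToken.xml (hypothetical name):
     rejects the call unless the bearer token is valid, and populates
     flow variables such as client_id and developer.app.name -->
<OAuthV2 name="OA-VerifyToken">
  <Operation>VerifyAccessToken</Operation>
</OAuthV2>

<!-- policies/AM-StripCallerId.xml (hypothetical name):
     drop any clientId query parameter supplied by the caller -->
<AssignMessage name="AM-StripCallerId">
  <Remove>
    <QueryParams>
      <QueryParam name="clientId"/>
    </QueryParams>
  </Remove>
  <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>

<!-- policies/AM-SetCallerId.xml (hypothetical name):
     write the identifier taken from the verified token -->
<AssignMessage name="AM-SetCallerId">
  <Set>
    <QueryParams>
      <QueryParam name="clientId">{client_id}</QueryParam>
    </QueryParams>
  </Set>
  <!-- fail the request rather than forward an empty identifier -->
  <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
  <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>

<!-- proxies/default.xml (fragment): order matters, verify first -->
<PreFlow name="PreFlow">
  <Request>
    <Step><Name>OA-VerifyToken</Name></Step>
    <Step><Name>AM-StripCallerId</Name></Step>
    <Step><Name>AM-SetCallerId</Name></Step>
  </Request>
  <Response/>
</PreFlow>
```

In the Trace view, the request sent to the target should carry exactly one clientId value, matching the app that owns the token.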