Open ID Connect with third party authorization code and access token using ldp


Hi,

I need to use my company's OpenID Connect implementation, which generates the authorization code and access token that I will use while accessing any proxy API on the Apigee platform.

So, Apigee needs to accept an authorization code and access token generated outside Apigee.

Please suggest how this will be possible, and if there is any example that will be great.


Hi Rajeev,

Did you check this article?

https://community.apigee.com/articles/40036/apigee-as-oauth-provider-pingfederate-as-identityp.html

Let me know if you need any additional info.

-Naseer

Hi Nasser,

Thanks for your reply.

Approach 1:

In our organization, we have already implemented OpenID Connect, in which the authorization code and access token are generated by Apigee using the OAuthV2 policy, and Apigee communicates with the Authorization Server (LDAP) for the end user's credentials and checks their username/password.

Approach 2:

Now, my organization already has an OAuth implementation which generates the authorization code as well as the access token, including an LDAP Authorization Server. I can use this with the third-party approach (using a Service Callout and setting the available access token in the OAuthV2 policy) provided by Apigee.

My query is: which approach is best and why? What is Apigee's recommendation? Is Approach 1 not according to the OAuth specification?
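For readers wanting to see what "Approach 2" looks like as policy configuration, the following is an added illustration and is not code from the original post or from Apigee's documentation. It assumes a hypothetical external token endpoint (`https://idp.example.internal/oauth/token`), hypothetical policy names, and that the external server's JSON response carries the token in `access_token`. The proxy forwards the client's authorization code to the external server, extracts the returned token, and then asks Apigee's OAuthV2 policy to store that externally issued token so that later `VerifyAccessToken` calls on other proxies accept it.

```xml
<!-- 1. Exchange the inbound authorization code at the external (LDAP-backed) authorization server.
     URL and form parameters are assumptions for this example. -->
<ServiceCallout name="SC-ExchangeCodeAtExternalAS">
  <Request variable="externalTokenRequest">
    <Set>
      <Verb>POST</Verb>
      <Headers>
        <Header name="Content-Type">application/x-www-form-urlencoded</Header>
      </Headers>
      <FormParams>
        <FormParam name="grant_type">authorization_code</FormParam>
        <FormParam name="code">{request.formparam.code}</FormParam>
        <FormParam name="redirect_uri">{request.formparam.redirect_uri}</FormParam>
        <FormParam name="client_id">{request.formparam.client_id}</FormParam>
        <FormParam name="client_secret">{request.formparam.client_secret}</FormParam>
      </FormParams>
    </Set>
  </Request>
  <Response>externalTokenResponse</Response>
  <HTTPTargetConnection>
    <!-- hypothetical token endpoint of the company's existing OAuth/OIDC server -->
    <URL>https://idp.example.internal/oauth/token</URL>
  </HTTPTargetConnection>
</ServiceCallout>

<!-- 2. Pull the externally issued token (and its lifetime) out of the callout response. -->
<ExtractVariables name="EV-ExternalToken">
  <Source>externalTokenResponse</Source>
  <JSONPayload>
    <Variable name="external_access_token">
      <JSONPath>$.access_token</JSONPath>
    </Variable>
    <Variable name="external_expires_in">
      <JSONPath>$.expires_in</JSONPath>
    </Variable>
  </JSONPayload>
</ExtractVariables>

<!-- 3. Tell the OAuthV2 policy that client authorization already happened externally.
     Only set this after the callout succeeded (gate it with a Condition on
     externalTokenResponse.status.code in the proxy flow). -->
<AssignMessage name="AM-MarkExternalAuthorization">
  <AssignVariable>
    <Name>oauth_external_authorization_status</Name>
    <Value>true</Value>
  </AssignVariable>
</AssignMessage>

<!-- 4. Store the external token in Apigee's token store instead of minting a new one. -->
<OAuthV2 name="OA-StoreExternalToken">
  <Operation>GenerateAccessToken</Operation>
  <ExternalAuthorization>true</ExternalAuthorization>
  <ExternalAccessToken>external_access_token</ExternalAccessToken>
  <SupportedGrantTypes>
    <GrantType>authorization_code</GrantType>
  </SupportedGrantTypes>
  <GrantType>request.formparam.grant_type</GrantType>
  <Code>request.formparam.code</Code>
  <!-- ExpiresIn is in milliseconds; 3600000 = 1 hour. Align it with external_expires_in
       so Apigee does not keep the token valid longer than the issuer does. -->
  <ExpiresIn>3600000</ExpiresIn>
  <GenerateResponse enabled="true"/>
</OAuthV2>
```

Step 3 is the part that is easy to miss: with `ExternalAuthorization` set to true, the policy skips Apigee's own client-credential check and relies on the `oauth_external_authorization_status` flow variable, so that variable must only be set on the success path of the callout, never unconditionally. Once the token is stored, protected proxies can use an ordinary `OAuthV2` policy with `VerifyAccessToken`, which is how Apigee can act as the resource server while the company's system remains the issuer.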

Hi Rajeev,

The above two approaches address two different use cases. The real question should be: which module will be the OAuth Authorization Server, which module will be the OAuth Resource Server, and which module will be the Identity Provider?

Once the above is figured out, you will be able to make the decision easily.

Apigee Edge supports all the above options. Follow my other links here:


OpenID-Connect with PingFederate

https://community.apigee.com/articles/40036/apigee-as-oauth-provider-pingfederate-as-identityp.html

PingFederate as AZ Server Apigee as RS

Thanks

Naseer

Hi Naseer,

Both of our models (Approach 1 and 2) clearly explain the use case. Definitely, we will go with PingFederate (NAM in our scenario) as the Authorization Server, which will validate the username/password against the LDAP.

The OAuth Resource Server which generates the authorization code and access token can be either Apigee or our existing LDAP system.

Is generating the authorization code and access token in Apigee not as per the OAuth specification?

If the token is generated by the existing LDAP system then we will miss the OOB features, but is there anything else important which we will miss?

In our situation -

The Resource Server is Apigee, which is fixed; the Authorization Server (which generates the access token) could be Apigee or the existing system. Which one is generally recommended by Apigee for the Authorization Server?