Existing API - Providing OAuth Access Control

Hi Apigee,

We have an existing API for which we wanted to provide Access Control through OAuth. So I have some questions which will be helpful to come up with the solution. Our API is some kind of document management system where end users can store, retrieve and delete their own documents.

Does Apigee provide any OAuth server in-built? If it does, how do we plug our Active Directory store (LDAP) into it so that enterprise users can log in against it?

Second question is around OAuth scopes. I can set up required scopes for each API and validate them during the runtime of the call. But how does the end API (our backend API) know who the logged-in user is? For example, I have a list-my-docs API which lists the logged-in user's documents. Now that the authentication & authorization is happening at the Apigee level, how does the backend API know that this request is for this user?

Thanks,

Raja

Absolutely!

You can protect any API proxied through Apigee Edge with OAuth 2.0 (also 1a). Apigee Edge includes an authorization server implementation, and as such can generate and validate access tokens. It can also work with an existing LDAP system with out-of-the-box policies. However, the LDAP policy support is available in the On-premise (Private Cloud) offering only.

Here are the links on Apigee's OAuth and LDAP support. These links include sample configurations and tutorials for you to get started with Apigee.

To your second question -

Yes, you can set up OAuth Scopes with Apigee and enforce them at runtime. We have great documentation on working with scopes. This page describes how you can add scopes while generating tokens and check them while validating the tokens.

If you need additional information, please feel free to contact us via Support or this community.

Thanks for replying. Now I have a pretty good understanding of how to implement it. One thing I still want to understand is how my backend API knows about the logged-in user information at the Apigee proxy.

The token generated by Apigee contains metadata related to the token. The user info could be saved as a custom attribute in the token, which can be passed to the backend after verification. Check out this help page for customising the OAuth tokens.
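An added example (not from the answer above or from Apigee's own documentation) of the flow the reply describes, in Apigee Edge policy XML: bind the authenticated user's id into the token as a custom attribute when it is generated, read it back when the token is verified, and forward it to the backend in a header while stripping the bearer token. The flow variable `authn.user_id` is assumed to be set by whatever policy authenticated the user (LDAP or otherwise), and the header name `X-Authenticated-User` and scope `docs.read` are illustrative choices.

```xml
<!-- 1. Token endpoint (password grant). The user has already been authenticated
        by a preceding step that set authn.user_id (assumed name). The id is stored
        in the token as a custom attribute; display="false" keeps it out of the
        token response body, so the client never sees or controls the value. -->
<OAuthV2 name="OAuth-GenerateToken">
  <Operation>GenerateAccessToken</Operation>
  <ExpiresIn>3600000</ExpiresIn> <!-- milliseconds: one hour -->
  <SupportedGrantTypes>
    <GrantType>password</GrantType>
  </SupportedGrantTypes>
  <GrantType>request.formparam.grant_type</GrantType>
  <Attributes>
    <!-- authn.user_id: populated by the authentication step, not by the client -->
    <Attribute name="user_id" ref="authn.user_id" display="false"/>
  </Attributes>
  <GenerateResponse enabled="true"/>
</OAuthV2>

<!-- 2. Protected resource proxy (for example list-my-docs): verify the bearer
        token and require the scope. On success Apigee exposes every custom
        attribute as the flow variable accesstoken.<name>. -->
<OAuthV2 name="OAuth-VerifyToken">
  <Operation>VerifyAccessToken</Operation>
  <Scope>docs.read</Scope>
</OAuthV2>

<!-- 3. Pass the identity to the backend on a header the proxy controls. The
        Set overwrites any client-supplied copy of the header, and the bearer
        token is removed so the backend never sees the credential itself.
        IgnoreUnresolvedVariables=false fails the request rather than sending
        an empty identity if the attribute is somehow missing. -->
<AssignMessage name="AM-SetUserHeader">
  <Remove>
    <Headers>
      <Header name="Authorization"/>
    </Headers>
  </Remove>
  <Set>
    <Headers>
      <Header name="X-Authenticated-User">{accesstoken.user_id}</Header>
    </Headers>
  </Set>
  <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
  <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>
```

The backend may trust `X-Authenticated-User` only if it is reachable solely through the proxy (network restriction or mutual TLS between Apigee and the backend); otherwise a caller who bypasses Apigee could set the header directly.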