Could any one please let me know How to access an API through the generated access token using OAuth 2.0?
Hi
I think Your question is a very general one. You didn't mention anything about Apigee Edge. So let's talk about OAuth 2.0, and we will take it from the top. Pardon me if this is not what you were asking about.
OAuth 2.0 is a framework specified in IETF RFC 6749 that describes how apps can obtain limited access to HTTP (usually RESTful) services. The main method for doing so involves
If you have ever ridden an old-fashioned underground or subway, you may have used a token to get access to the transit system. Most transit systems have moved to stored-value cards, so this analogy is somewhat dated now. A subway token isn't worth anything, unless the possessor presents it to the subway turnstile. In that case the token is good for access to the subway or underground system. Anyone that has the token can use it to get access; in that sense the holder or "bearer" of the token is granted the access. If you lose a subway token, and someone else finds it, then the token is still good for access to the subway, even though a different person holds it.
OAuth tokens work similarly - an OAuth bearer token is just a thing that grants access to a system. OAuth tokens are a little more complicated, in that they can
But basically the subway token analogy holds pretty well.
So how can you build an app and a service, such that the service grants access based on a generated OAuth token? Here's the idea of how it should work:
The token issuance service then returns the token, and optionally *some* of the metadata I just described, to the calling app. For example the token issuance service may respond with:
{ "access_token" : "ABCDEFGHIJKL", "expiry" : 1800, "scope" : "read" }
...to indicate the returned token will expire in 1800 seconds, and that the scope is "read".
Authorization: Bearer ABCDEFGHIJKL
The service then validates the token - checking its expiry and scope - before performing the requested operation. Depending on how the system is designed, the service may need to explicitly contact (call out to) the token-issuance service to validate the token.
Well as you know, there are many different frameworks now that allow developers to build services very easily. Whether you are coding in Java, or Go, or nodejs, or PHP or Python or C# or ..... any language, it's pretty straightforward to build RESTful services.
The challenge comes in when you want to do things like:
Apigee Edge can act as a proxy that performs the token verification at runtime for you. Apigee Edge can also act as the token-issuance service, and usually does; it can validate client credentials, validate user credentials, participate in a 3-legged OAuth flow, or participate in an OpenID Connect flow.
With Apigee, You don't have to write code in order to add high-scale, reliable OAuth protection to your existing APIs.
Apigee Edge does more than OAuth of course. This is just one tool in the toolbox.
Well we have a number of assets to help, including
If you have further questions, please let me know.
Hi @Dino
Actually I have generated an access token using OAuth 2.0. Now I am trying to access that
API proxy using access token by giving
Authorization:Bearer ABCDEFGHIJKL in the header.
I am getting error as follows:
{
"error": "auth_bad_access_token",
"timestamp": 1503488348244,
"duration": 0,
"error_description": "Unable to authenticate due to corrupt access token",
"exception": "org.apache.usergrid.rest.exceptions.SecurityException"
}
Please help me to resolve the issue.
Thanks & Regards.
User | Count |
---|---|
2 | |
1 | |
1 | |
1 | |
1 |