I am digging into the OAuth implementation under Apigee, and there is something that escapes me.
Once the user is authenticated and provides a token to access a protected resource, I want to get the identity of the user at the API level (or Apigee) to determine which user is logged in.
If in Apigee I add the user mail to the request URL or to the body of the request, and if I handle that in the API, how could I get the identity in the requested protected source?
Example
I am using the Resource password grant flow.
After VerifyAccessToken, is there any call that I have to make to get the user identity (email, for example)?
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 async="false" continueOnError="false" enabled="true" name="verify-oauth-v2-access-token">
    <DisplayName>Verify OAuth v2.0 Access Token</DisplayName>
    <Operation>VerifyAccessToken</Operation>
</OAuthV2>
Use the access entity policy once you have verified the access token to pull in the developer info.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AccessEntity async="false" continueOnError="false" enabled="true" name="PullDeveloperInfo">
    <DisplayName>PullDeveloperInfo</DisplayName>
    <EntityIdentifier type="consumerkey" ref="apigee.client_id"/>
    <EntityType value="developer"/>
</AccessEntity>
In the same way you can pull in app info, API products info, etc. For more info see here.
Sorry, I don't need the developer app username but the "usermail" used when he makes a request to get a token. I use the Resource owner password grant flow:
grant_type=password&username=the-user-name&password=the-users-password