OAuth-Password

gopaldurgoji

Hi All,

I'm using OAuth-Password during authentication of the token.

Once the client ID and secret key are validated in Apigee, I want the username and password to be validated by the target (that is, on the server side) and not by Apigee.

How do I create a conditional flow within a flow? Or is there another way?

ACCEPTED SOLUTION

Not applicable

I am not sure if you are trying to validate using the target of the proxy itself or any other service, but you can use a service callout to validate the username/password and, depending on the success, generate the access token. You can use two OAuth policies: the first one will validate the client credentials as part of the GenerateAccessToken operation with the StoreToken flag set to false, and the other one will be used after the service callout to actually generate an access token. Hope that helps.


3 REPLIES

Hi @Gopal D J

Once you have verified the client credentials, you can just pass the user credentials to your target and, on the response flow, if the target service responded that the user credentials are valid, you can use the OAuth policy with GenerateAccessToken as the operation to generate a token. The policy will look like this:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 async="false" continueOnError="false" enabled="true" name="OAuth2-Generate-AccessToken">
    <DisplayName>OAuth2-Generate-AccessToken</DisplayName>
    <Properties/>
    <Attributes/>
    <ExternalAuthorization>false</ExternalAuthorization>
    <Scope>request.formparam.scope</Scope>
    <Operation>GenerateAccessToken</Operation>
    <ExpiresIn>1800000</ExpiresIn> <!-- 30 minutes -->
    <RefreshTokenExpiresIn>3600000</RefreshTokenExpiresIn> <!-- 60 minutes -->
    <SupportedGrantTypes>
        <GrantType>password</GrantType>
    </SupportedGrantTypes>
    <GenerateResponse enabled="true"/>
    <Tokens/>
</OAuthV2>

Your conditional flow can have the following condition:

<Condition>(proxy.pathsuffix MatchesPath "/token") and (request.formparam.grant_type="password") and (request.verb = "POST")</Condition>

I am not sure what other flows you have in your OAuth proxy, but the above can be used.

Let me know if you have any questions.
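The two answers in this thread describe the same procedure from different angles: verify the client credentials in Apigee, hand the username/password to a backend, and only then run GenerateAccessToken. The following is an added example, not code from the thread, from the asker, or from Apigee's own documentation, that wires those steps into one proxy-endpoint flow using the accepted answer's two-policy pattern. The backend hostname auth.example.internal, its /validate endpoint, the JSON body it expects and the assumption that it answers HTTP 200 only for a valid user are all made up for the example; the policy element names (StoreToken, GenerateResponse, ServiceCallout, success.codes, RaiseFault) are standard Apigee Edge policy elements. The fourth step reuses the OAuth2-Generate-AccessToken policy posted in the reply above.

```xml
<!-- Added example (not from the original thread). Backend URL, request body
     and 200-on-success contract are assumptions for illustration. -->

<!-- 1. Validate client_id/client_secret only. StoreToken=false means no
        token is persisted; GenerateResponse=false lets the flow continue. -->
<OAuthV2 name="OAuth2-Verify-Client">
    <Operation>GenerateAccessToken</Operation>
    <SupportedGrantTypes>
        <GrantType>password</GrantType>
    </SupportedGrantTypes>
    <StoreToken>false</StoreToken>
    <GenerateResponse enabled="false"/>
</OAuthV2>

<!-- 2. Hand the resource-owner credentials to the backend for validation.
        success.codes includes 4xx so a 401 from the backend comes back to
        the flow as calloutResponse instead of raising a callout fault.
        variablePrefix/Suffix avoid clashing with the JSON braces. -->
<ServiceCallout name="SC-Validate-User">
    <Request variable="userAuthRequest">
        <Set>
            <Verb>POST</Verb>
            <Payload contentType="application/json" variablePrefix="@" variableSuffix="#">{"username":"@request.formparam.username#","password":"@request.formparam.password#"}</Payload>
        </Set>
    </Request>
    <Response>calloutResponse</Response>
    <HTTPTargetConnection>
        <Properties>
            <Property name="success.codes">2xx,4xx</Property>
        </Properties>
        <!-- assumed internal endpoint; keep it TLS-only -->
        <URL>https://auth.example.internal/validate</URL>
    </HTTPTargetConnection>
</ServiceCallout>

<!-- 3. Reject unless the backend answered 200. RFC 6749 section 5.2 uses
        HTTP 400 with error=invalid_grant for bad resource-owner credentials. -->
<RaiseFault name="RF-Invalid-User-Credentials">
    <FaultResponse>
        <Set>
            <StatusCode>400</StatusCode>
            <ReasonPhrase>Bad Request</ReasonPhrase>
            <Payload contentType="application/json">{"error":"invalid_grant"}</Payload>
        </Set>
    </FaultResponse>
</RaiseFault>

<!-- 4. OAuth2-Generate-AccessToken is the policy shown in the reply above
        (password grant, GenerateResponse enabled="true"); it is not repeated. -->

<!-- Proxy-endpoint flow tying the steps together. The RaiseFault step is
     the only thing standing between a wrong password and a token, because
     the password grant in Apigee does not check username/password itself. -->
<Flow name="PasswordGrant">
    <Condition>(proxy.pathsuffix MatchesPath "/token") and (request.verb = "POST") and (request.formparam.grant_type = "password")</Condition>
    <Request>
        <Step><Name>OAuth2-Verify-Client</Name></Step>
        <Step><Name>SC-Validate-User</Name></Step>
        <Step>
            <Name>RF-Invalid-User-Credentials</Name>
            <Condition>calloutResponse.status.code != 200</Condition>
        </Step>
        <Step><Name>OAuth2-Generate-AccessToken</Name></Step>
    </Request>
</Flow>
```

Two points worth checking in a real deployment: the success.codes property is what keeps a 401 from the backend from short-circuiting into the proxy's fault flow (where the RaiseFault condition would never run), and the callout carries the user's plaintext password, so the backend URL must be HTTPS and the password form parameter should be masked in trace sessions.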


@Sarika Dubey Thanks for the information. I'm using a service callout to validate the PIN and everything is working fine as expected 🙂