Using third-party access tokens for OAuth Client Credentials

Not applicable

I have implemented OAuth Client Credentials in which access tokens are generated by a third party.

The last OAuth policy looks like this:

<OAuthV2 name="OAuth-v20-Store-External-Token">
    <DisplayName>OAuth v2.0 1</DisplayName>
    <Attributes/>
    <ExternalAccessToken>external_access_token</ExternalAccessToken>
    <ExternalAuthorization>true</ExternalAuthorization>
    <Operation>GenerateAccessToken</Operation>
    <GenerateResponse enabled="true">
        <Format>FORM_PARAM</Format>
    </GenerateResponse>
    <ReuseRefreshToken>false</ReuseRefreshToken>
    <StoreToken>true</StoreToken>
    <SupportedGrantTypes>
        <GrantType>client_credentials</GrantType>
    </SupportedGrantTypes>
    <Tokens/>
</OAuthV2>

Can someone explain to me where in Apigee Edge access tokens are stored by <StoreToken>true</StoreToken>?

Also, can we use the token generated here in any other API proxies where the client will send the request along with this token?

Or does the <Operation>VerifyAccessToken</Operation> have to be in the same proxy but in a different flow?


Not applicable

When importing an external access token it is imported into the Edge token store. You can then use that token as you would any token that Edge itself had generated. This means that the token can be used to access any proxies to which the client has access.

Note that you may want to explicitly set the expiration time of the imported token in your policy, e.g. <ExpiresIn>360000</ExpiresIn>.
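The two points in the reply above, written out as configuration (an added example, not part of the original reply or of the poster's proxies). The policy name `OAuth-v20-Verify-External-Token` and the flow variable `external_token_expires_ms` are hypothetical; the import policy is the one from the question with an explicit lifetime added.

```xml
<!-- Proxy A (token endpoint): import the third-party token into the Edge token store. -->
<OAuthV2 name="OAuth-v20-Store-External-Token">
    <ExternalAccessToken>external_access_token</ExternalAccessToken>
    <ExternalAuthorization>true</ExternalAuthorization>
    <Operation>GenerateAccessToken</Operation>
    <!-- ExpiresIn is in milliseconds. The ref variable is an assumption: populate it
         earlier in the flow from the issuer's remaining token lifetime so that the
         stored copy does not outlive the third-party token. The literal value
         (taken from the reply) is used when the variable is not set. -->
    <ExpiresIn ref="external_token_expires_ms">360000</ExpiresIn>
    <StoreToken>true</StoreToken>
    <SupportedGrantTypes>
        <GrantType>client_credentials</GrantType>
    </SupportedGrantTypes>
    <GenerateResponse enabled="true"/>
</OAuthV2>

<!-- Proxy B (any other proxy the client has access to): verify the stored token.
     With no further settings the policy reads the token from the
     "Authorization: Bearer <token>" request header. -->
<OAuthV2 name="OAuth-v20-Verify-External-Token">
    <Operation>VerifyAccessToken</Operation>
</OAuthV2>

<!-- Proxy B, ProxyEndpoint: run the verification before any other request logic. -->
<PreFlow name="PreFlow">
    <Request>
        <Step>
            <Name>OAuth-v20-Verify-External-Token</Name>
        </Step>
    </Request>
    <Response/>
</PreFlow>
```

The verify policy does not need to live in the same proxy as the import policy; it only needs the token to be present in the token store and unexpired.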

Hi @Bhanu Prakash

I saw your other post where you had all the policies. For some reason I was not able to reply there. I notice that you were not validating the request coming in. First and foremost, you need to create an app and use those credentials to make a call to Apigee itself. Validate the credentials first and then go ahead with your policies. Make sure you assign the client_id for which the external token is being stored. In your Assign Message policy where you are setting oauth_external_authorization_status to true, make sure you are also including these lines to make sure Apigee has the client id for which the token is being stored:

<Set>
    <FormParams>
        <FormParam name="client_id">{apigee_client_id}</FormParam>
        <FormParam name="grant_type">client_credentials</FormParam>
    </FormParams>
</Set>