Apigee Microgateway oauth password grant type authentication claims

Not applicable

Is username and password is not validated in password grant type while genrating oauth 2.0 token through edgemicro-auth proxy ?

I am getting token while giving wrong username and password.Can you suggest me how to validate authentication credentials ?

0 1 203
1 REPLY 1

Former Community Member
Not applicable

The edgemicro-auth proxy uses the Apigee OAuth policy to generate access tokens. The relevant documentation for OAuth policy is here: https://docs.apigee.com/api-platform/reference/policies/oauthv2-policy#passwordelement

The OAuth policy does not validate credentials. Modify the edgemicro-auth proxy to add a service callout before the OAuth policy to validate the credentials from an external IdP.