Istio + Apigee : API authorization using OAuth?

anshul_
Participant IV

I am new to istio but exploring this for one of my upcoming project where the plan is to use Apigee to publish APIs that are running on istio.

After reading documentation on https://docs.apigee.com/api-platform/istio-adapter, I assume that if we use Apigee Adaptor for istio then only api key validation can be used for authorization and no Oauth is supported yet.

Please let me know my understating is correct? If OAuth is supported then how would be the flow?

0 2 833
2 REPLIES 2

Former Community Member
Not applicable

Hey @aagrawal, OAuth in indeed supported. The OAuth Auth Server is Edge. Edge issues JWT based token. Istio can validate the JWT token (for signature). The Apigee mixer adapter then looks at the claims in the token for access to entitlements.

We are trying to run the apigee istio adaptor and use an external token provider. In some ways the istio adaptor looks like the microgateway but lacks the ability to use an external oauth provider. But the bigger problem we face is that with an external token the api products are not present int he token. And it looks like there is no syncronization of the istio bindings from Apigee Edge into Istio. The istio services all need to be created manually.

We need a solution where there is no dependency on edge at runtime (hence the external token provider)

But we need a solution that synchronizes product and service definitions from edge into istio.