This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

3 legged oauth using our own authentication with apigee oauth code and token

Posted on 02-06-2019 08:34 AM
bbhatia
New Member
Reply posted on --/--/---- --:-- AM

I am planning to use apigee as source of auth code and access token with our own authentication web app which simply present user login page, consent. I will use alexa account linking as example.

Flow =

step 1: - Client (User agent) opens login page with all params client id, secret, redirect uri etc

step 2: - login page present UI and after successfully authenticazting user, calls apigee endpoint to get auth code and gets 302 response with Location header.

Now browser doesn't redirect like this origin domain A (login page) --> apigee oauth endpoint --> location header

Is it possible to user separate authorization (apigee oauth) and authentication (custom login app not hosted in apigee) server for 3 legged auth?

Refer https://stackoverflow.com/questions/22397072/are-there-any-browsers-that-set-the-origin-header-to-nu...

0 1 543
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Yes, surely.

This API Proxy shows how the normal Authorization Code flow goes. There's a web sequence diagram in the README that might help clarify the various messages that go back and forth.

In this particular illustration, the login-and-consent experience is a nodejs app, and it just so happens to be hosted as an app inside Apigee Edge. But that is not necessary at all. The app could be hosted anywhere, and it could be implemented in any language. The Web Sequence Diagram shows the messages the login-and-consent app needs to support.

0 Likes