OAuth2 - A few questions


Currently we are using Apigee's OAuth2 policies to generate auth codes, access tokens, and validate tokens. This all happens through the very specific OAuth2 policies. I am thinking about changing the proxy that handles OAuth2. While I do that, I would like to create a parallel proxy with my new resources, but leave the existing proxy in place.

Questions:

1. Is token management managed at the environment level? I.e., are tokens created for one environment unique to that environment?

2. Since Apigee generates the tokens, having two proxies generating tokens in the same environment should not be a problem. Is this accurate? Or will the second proxy cause generation/validation conflicts?

3. Having OAuth2 policies that use the same operation but different settings should not be a problem. Is this correct?

We use the following OAuth2 policy operations:

GenerateAccessToken

GenerateAuthorizationCode

InvalidateToken

RefreshAccessToken

Thanks.

Accepted solution


Hello,

I'm sorry it took so long to get this answer to you. I had to find the right resource in the company to answer them. Answers to your questions are as follows:

  1. OAuth Tokens are managed at the org level only. However, their scope can be controlled by the "Environment" / "ApiProxy" option in the ApiProduct of the ConsumerKey used to generate the OAuth Token.
  2. Yes, they are auto-generated. No conflicts or validation errors will occur.
  3. A proxy can have multiple OAuth policies with different configurations depending upon the use case. But it makes sense to attach them in different proxy paths.
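
The arrangement described in answer 3, as an added example that is not part of the original post or Apigee's own sample code: two OAuthV2 policies that both run `GenerateAccessToken` with different settings, each attached to its own conditional flow. The policy names, flow names, paths and lifetime values are assumptions constructed for illustration.

```xml
<!-- policies/OA-GenerateToken-Legacy.xml (hypothetical name): existing settings -->
<OAuthV2 name="OA-GenerateToken-Legacy">
  <Operation>GenerateAccessToken</Operation>
  <ExpiresIn>3600000</ExpiresIn> <!-- milliseconds; constructed value -->
  <SupportedGrantTypes>
    <GrantType>authorization_code</GrantType>
  </SupportedGrantTypes>
  <GrantType>request.formparam.grant_type</GrantType>
  <GenerateResponse enabled="true"/>
</OAuthV2>

<!-- policies/OA-GenerateToken-New.xml (hypothetical name): same operation,
     shorter access-token lifetime and an explicit refresh-token lifetime -->
<OAuthV2 name="OA-GenerateToken-New">
  <Operation>GenerateAccessToken</Operation>
  <ExpiresIn>900000</ExpiresIn> <!-- constructed value -->
  <RefreshTokenExpiresIn>86400000</RefreshTokenExpiresIn> <!-- constructed value -->
  <SupportedGrantTypes>
    <GrantType>authorization_code</GrantType>
  </SupportedGrantTypes>
  <GrantType>request.formparam.grant_type</GrantType>
  <GenerateResponse enabled="true"/>
</OAuthV2>

<!-- ProxyEndpoint fragment: each policy runs only on its own path, so a
     request never passes through both GenerateAccessToken policies -->
<Flows>
  <Flow name="token-legacy">
    <Condition>(proxy.pathsuffix MatchesPath "/token") and (request.verb = "POST")</Condition>
    <Request>
      <Step><Name>OA-GenerateToken-Legacy</Name></Step>
    </Request>
  </Flow>
  <Flow name="token-new">
    <Condition>(proxy.pathsuffix MatchesPath "/v2/token") and (request.verb = "POST")</Condition>
    <Request>
      <Step><Name>OA-GenerateToken-New</Name></Step>
    </Request>
  </Flow>
</Flows>
```

Because answer 1 says tokens are managed at the org level, where a token issued on either path is accepted depends on the "Environment" / "ApiProxy" settings of the ApiProduct tied to the ConsumerKey, not on which of the two policies generated it.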
