Custom plugin for checking claims

danielhoenig
Participant III

Is there a plugin for checking claims and scopes, then have the ability to restrict access to the resources? If there isn't a prebuilt plugin, how would I go about creating a custom plugin to do this?

Solved Solved
0 4 181
1 ACCEPTED SOLUTION

LMGTFY

Here's the documentation describing how to build plugins

https://docs.apigee.com/api-platform/microgateway/2.5.x/develop-custom-plugins

Here's a repo that contains the code for existing microgateway plugins

https://github.com/apigee/microgateway-plugins

In particular for examining how to validate claism on a JWT, you might want to start with the extauth plugin:

https://github.com/apigee/microgateway-plugins/tree/master/extauth

View solution in original post

4 REPLIES 4

LMGTFY

Here's the documentation describing how to build plugins

https://docs.apigee.com/api-platform/microgateway/2.5.x/develop-custom-plugins

Here's a repo that contains the code for existing microgateway plugins

https://github.com/apigee/microgateway-plugins

In particular for examining how to validate claism on a JWT, you might want to start with the extauth plugin:

https://github.com/apigee/microgateway-plugins/tree/master/extauth

In the custom plugin onrequest event, can I get the name of the proxy being executed?

I am not familiar with the code base, but... I think the proxy name is available in res.proxy in the response parameter provided to onRequest().

Yep, the res.proxy.name has what I need. Thanks for the help.