Question by Timothy Murray (tcs) · Mar 19, 2019 at 05:16 PM · 181 Views · Tags: microgateway, oauth, scopes

Microgateway oauth plugin does not seem to enforce scopes

I am working on a system where we are using scopes to enforce RBAC.

The edgemicro-auth proxy was not populating the scopes element on the token. I have tweaked it and now it does. And, as expected, if the scopes passed in do not match any of the scopes assigned to the products in the app, the scopes element is blank.

But when I use the token to access a microgateway-aware proxy, the token is accepted whether or not it has scopes, and whether the scope is the correct scope or not.

Comment by Imesh Gunaratne ♦ · Mar 26, 2019 at 12:43 AM

Timothy, thanks for sharing your findings! As you have identified, the Edge Microgateway oauth plugin does not handle OAuth scopes at the moment. Maybe you could open a pull request or an issue explaining the improvements you have done. Thanks!

https://github.com/apigee/microgateway-edgeauth
https://github.com/apigee/microgateway-plugins

Comment by Dinesh Viswanath · Oct 24, 2020 at 07:05 PM

I am working on a similar problem. I am thinking of passing scopes to the target (reverse-proxied) server to enable the target to ensure that sufficient scope is present before accessing.

Did you manage to solve your problem? If so, please share your approach. @timothymurray
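The thread describes tokens being accepted whether their scopes element is blank, wrong, or correct. As an added example (not code from the Apigee plugins or from any poster here), this is one way a scope check could fail closed, whether it runs in a custom gateway plugin or in the target service that receives the scopes. The route policy, scope names and function names are hypothetical, and the claims are assumed to come from a token whose signature has already been verified.

```javascript
'use strict';

// Hypothetical route policy: method + path prefix -> scopes, any one of which grants access.
const REQUIRED_SCOPES = [
  { method: 'GET',  prefix: '/orders', anyOf: ['orders.read', 'orders.write'] },
  { method: 'POST', prefix: '/orders', anyOf: ['orders.write'] },
];

// Normalise the token's "scopes" element: accept an array or a space-delimited
// string; anything else (missing, blank, wrong type) becomes an empty set.
function parseScopes(value) {
  const items = Array.isArray(value) ? value
    : typeof value === 'string' ? value.split(/\s+/) : [];
  return new Set(items.filter((s) => typeof s === 'string' && s.length > 0));
}

// Decide whether already-verified claims may call method + path.
// Fails closed: no matching rule, or an empty scope set, means deny.
function authorize(claims, method, path) {
  const rule = REQUIRED_SCOPES.find((r) => r.method === method &&
    (path === r.prefix || path.startsWith(r.prefix + '/')));
  if (!rule) return { allowed: false, status: 403, reason: 'no_policy_for_route' };
  const granted = parseScopes(claims && claims.scopes);
  if (granted.size === 0) {
    return { allowed: false, status: 403, reason: 'token_has_no_scopes' };
  }
  const ok = rule.anyOf.some((s) => granted.has(s));
  return ok ? { allowed: true, status: 200, reason: 'scope_match' }
            : { allowed: false, status: 403, reason: 'insufficient_scope' };
}

// Constructed sample claims covering the cases from the question.
const samples = [
  [{ scopes: ['orders.read'] }, 'GET', '/orders/42'],
  [{ scopes: ['orders.read'] }, 'POST', '/orders'],
  [{ scopes: '' }, 'GET', '/orders'],
  [{}, 'GET', '/orders'],
  [{ scopes: 'orders.write profile' }, 'POST', '/orders'],
  [{ scopes: ['orders.write'] }, 'GET', '/ordersadmin'],
];
for (const [claims, method, path] of samples) {
  const decision = authorize(claims, method, path);
  console.log(method, path, JSON.stringify(claims), '->', decision.reason);
}
```

The last sample shows why the prefix match requires a `/` boundary: `/ordersadmin` does not inherit the `/orders` policy and is denied for lack of any rule.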
