Can OAuth policy be extended to verify the claims provided by user from a third party system?

Hello,

In this case the access token needs to be generated by Apigee (with client credentials verification) but after verifying the details coming from user with a third party system.

The verification API is a SOAP web service. So can we use service-callout-policy here to connect to the third party system for verification and then continue with the general OAuth flow? Or is there a better way?

Regards,

Fatema


Is the token an opaque OAuthV2 token that has been issued by Apigee Edge?

If so, that seems like a reasonable approach.

  • VerifyAccessToken
  • ServiceCallout to verify additional claims

If the inbound token is a JWT, you may not need an external service to do the validation of claims. The VerifyJWT policy will verify claims for you, inside Apigee Edge, with no need to call an external system.

It's the first case. So my question is: is it possible to call a SOAP service in service-callout-policy?
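
The flow discussed in this thread, as an added example that is not from any of the posters: a ServiceCallout policy that POSTs a SOAP envelope to the verification service, followed by the order of steps that gates token generation on the result. The policy names, endpoint URL, SOAPAction, namespace, element names and the flow variables `verify.userId` and `verify.result` are all hypothetical; the step `EV-ParseVerifyResult` stands for an ExtractVariables policy (not shown) that reads the SOAP response into `verify.result`.

```xml
<!-- Policy: SC-VerifyClaims (hypothetical name) -->
<ServiceCallout name="SC-VerifyClaims" continueOnError="false" enabled="true">
  <Request clearPayload="true" variable="verifyRequest">
    <Set>
      <Verb>POST</Verb>
      <Headers>
        <Header name="Content-Type">text/xml; charset=utf-8</Header>
        <!-- Hypothetical action; take the real value from the service WSDL -->
        <Header name="SOAPAction">urn:example:VerifyUser</Header>
      </Headers>
      <Payload contentType="text/xml">
        <soapenv:Envelope
            xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
            xmlns:v="urn:example:verification">
          <soapenv:Body>
            <v:VerifyUser>
              <!-- {verify.userId} is substituted as text. Validate or
                   XML-escape the user-supplied value in an earlier step so
                   it cannot add elements to the envelope. -->
              <v:UserId>{verify.userId}</v:UserId>
            </v:VerifyUser>
          </soapenv:Body>
        </soapenv:Envelope>
      </Payload>
    </Set>
  </Request>
  <Response>verifyResponse</Response>
  <!-- Bound the wait on the third-party system (milliseconds) -->
  <Timeout>5000</Timeout>
  <HTTPTargetConnection>
    <!-- Placeholder endpoint; use HTTPS for the verification call -->
    <URL>https://verification.example.com/soap/VerifyService</URL>
  </HTTPTargetConnection>
</ServiceCallout>

<!-- Token endpoint flow fragment: the token step runs only after the check -->
<Request>
  <Step><Name>SC-VerifyClaims</Name></Step>
  <Step><Name>EV-ParseVerifyResult</Name></Step>
  <Step>
    <!-- Intent: reject unless the service returned an explicit "true" -->
    <Name>RF-ClaimsRejected</Name>
    <Condition>verify.result != "true"</Condition>
  </Step>
  <Step><Name>OA-GenerateToken</Name></Step>
</Request>
```

With `continueOnError="false"`, a failed or timed-out callout puts the proxy into the error flow, so the token-generation step is not reached when the verification service cannot be consulted.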