Apigee OAuth2 policies acting as an authorization server are not enterprise ready?

My team's solution architects and penetration testing team are saying they will not accept Apigee acting as an authorisation server due to it not conforming to enterprise level security standards.

Can someone clarify whether this is true?

Will we have to look into some other products to host the OAuth2 authorisation? Why could OAuth2 token and validation policy services not be enterprise ready?

For interest this is for an open banking solution.


What are the objections being raised by your team?

"not conforming to enterprise level security standards."

Specifically? ...?

Hi @Mike Hunt, do you have a very specific checklist which you feel Apigee OAuth is not fulfilling?

Apigee OAuth follows the principles of OAuth; you can check out the RFC details here:

https://tools.ietf.org/html/rfc6749

Even if you go with hosting OAuth somewhere else, what difference would it make?