How to verify external generated opaque access token

Hello, is there a way to verify external generated opaque access token in apigee.

0 4 344
4 REPLIES 4

yes, there are 2 ways.

  1. call out to the external system to ask for verification of the token
  2. "import" the token into Apigee's store and use the OAthV2/VerifyAccessToken policy

For the former, the way you would do this is dependent upon the third-party system. You'd probably use a ServiceCallout policy to make that request.

For the latter, you can reference this doc page.

Hi, thanks for responding, Is there any example available for first approach, using any idp

I don't know of any example there. I suppose it will vary depending on the issuer of the token. You'd have to check the documentation of the token issuing party.

Is there any document to use ServiceCallout policy to get access token from external application