Apigee and OAuth2

Hello,

I've just joined the community and started my research on Apigee and I'm hoping to receive some pointers to help me get started quicker.

I have a Drupal project implemented and almost ready for production with a set of APIs defined (REST request) and with OAuth2 enabled for each request.

I know that Apigee can act as an OAuth2 Server, but my question is:

Having already set up OAuth2 on my Drupal project with all the requests requiring a token verification, do I add the Drupal-defined authentication request (where I retrieve the access token & reset key) just like any other API proxy in Apigee?


Hi @Andrei Lovin

Could you please clarify the following questions?

- Is your Drupal app client-facing or just backend?

- Are your APIs getting proxied on Apigee?

- If you are using Drupal-based APIs and then proxying the APIs using Apigee, then how do you handle the token? Drupal,

A high level of the logical diagram would be helpful.

The reason I am asking the above questions is that it's good if your Apigee-based OAuth sits with the client-facing app. If you are hosting your own OAuth layer with the Drupal project and your Drupal is just a backend API provider, you can use the third-party OAuth token feature and bring Apigee OAuth to the front.

- Drupal is just the backend.

- We have an Angular app which calls the REST requests.

Our usual workflow (w/o Apigee) is Drupal has OAuth and through client side app users authenticate.

Our client requested Apigee for security and monitoring reasons. Now, I'm looking for a way to integrate Apigee with our setup.

Could we remove the OAuth layer from Drupal and leave the requests unauthenticated (but with access only to Apigee) and apply the OAuth layer through Apigee?

I'll look into the third-party OAuth token feature.

Thank you.

Hi Andrei,

Thanks for the details. Here are the options you have with Apigee as a middleware.

Option 1 - Keep your setup as it is and put Apigee in the middle of your Angular app and Drupal. Use Apigee https://docs.apigee.com/api-platform/security/oauth/use-third-party-oauth-system

Option 2 - Put Apigee in the middle of the app and backend. Remove the Drupal-based OAuth if you find it hard to manage 2 OAuth layers. Use the Apigee OAuth feature for your app users and do basic auth between Apigee and Drupal (prod), along with IP whitelisting to make Drupal accessible from Apigee only.

Option 3 - Use the JWT feature of Apigee along with Apigee OAuth. You can verify the JWT on both layers, Apigee as well as Drupal.

Let me know if you have more specific questions.
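
Option 3 has the backend verify the JWT itself instead of trusting whatever reaches it through the gateway. The following is an added example, not part of the thread and not Apigee or Drupal code: a Python version of the checks a backend would apply to each token. It assumes HS256 with a shared key; the key, issuer and audience values are constructed, and `sign_hs256` only stands in for the issuing side to build sample tokens.

```python
import base64, hashlib, hmac, json, time

# Constructed values; a real deployment loads the key from a secret store.
SHARED_KEY = b"constructed-demo-key"
EXPECTED_ISS = "gateway.example"      # hypothetical issuer (the gateway)
EXPECTED_AUD = "drupal-api.example"   # hypothetical audience (the backend)

def _dec(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _enc(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims, key, header=None):
    """Stand-in for the issuing side, used only to build sample tokens."""
    header = header or {"alg": "HS256", "typ": "JWT"}
    body = ".".join(_enc(json.dumps(p).encode()) for p in (header, claims))
    return body + "." + _enc(hmac.new(key, body.encode(), hashlib.sha256).digest())

def verify_at_backend(token, key, now=None):
    """Backend-side check: return the claims or raise ValueError."""
    now = time.time() if now is None else now
    try:
        h64, c64, s64 = token.split(".")
        header, sig = json.loads(_dec(h64)), _dec(s64)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm; the token's header must not choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(_dec(c64))  # parsed only after the signature passes
    if not isinstance(claims, dict) or claims.get("iss") != EXPECTED_ISS:
        raise ValueError("wrong issuer")
    if claims.get("aud") != EXPECTED_AUD:
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired")
    return claims
```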