{ Community }
  • Academy
  • Docs
  • Developers
  • Resources
    • Community Articles
    • Apigee on GitHub
    • Code Samples
    • Videos & eBooks
    • Accelerator Methodology
  • Support
  • Ask a Question
  • Spaces
    • Product Announcements
    • General
    • Edge/API Management
    • Developer Portal (Drupal-based)
    • Developer Portal (Integrated)
    • API Design
    • APIM on Istio
    • Extensions
    • Business of APIs
    • Academy/Certification
    • Adapter for Envoy
    • Analytics
    • Events
    • Hybrid
    • Integration (AWS, PCF, Etc.)
    • Microgateway
    • Monetization
    • Private Cloud Deployment
    • 日本語コミュニティ
    • Insights
    • IoT Apigee Link
    • BaaS/Usergrid
    • BaaS Transition/Migration
    • Apigee-127
    • New Customers
    • Topics
    • Questions
    • Articles
    • Ideas
    • Leaderboard
    • Badges
  • Log in
  • Sign up

Get answers, ideas, and support from the Apigee Community

  • Home /
  • Integration (AWS, PCF, Etc.) /
avatar image
0
Question by Ashish Mundra · Feb 13, 2020 at 06:21 AM · 187 Views oauth 2.0okta

Okta Integration API Registration

Without Apigee, we had a API which needed to be registered in Okta for user to authenticate before getting access to the API. This API obtained user context from Okta token.

Then, we adopted Apigee and set Okta as OAuth2.0 Server for Apigee.

Question 1: Do I need to now register two APIs in Okta 1. The API Proxy which I create in Apigee and 2. The original API, so that it can still create User Context from the Okta token which gets forwarded to it by API Proxy?

Question 2: Should we also validate token from backend API also (along with validating token from API proxy) or is it acceptable to have no Authentication in our backend APIs going forward?

Thanks,

Ashish

Comment
Add comment
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Close

1 Answer

  • Sort: 
avatar image
0

Answer by Kurt Googler Kanaskie · Feb 13, 2020 at 12:34 PM

Hi @Ashish Mundra,

Q1: You don't need to register 2 APIs in Okta, you just need to associate the Okta token with the Apigee token via a custom attribute when you create it. Then when you validate the Apigee token in your proxy, you will have access to the Okta token which you can then set as the Authorization for the backend API call.

Q2: I would keep backend API Authentication as per Q1 answer. That way if your backend authorizations changed (say to remove a user or change scope) your APIs would be protected.

Regards,

Kurt

Comment
Add comment Show 1 · Link
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Ashish Mundra · Feb 13, 2020 at 10:04 PM 0
Link

I am thinking that if Okta is my IAM solution, then Okta should provide a Token and not Apigee (even the one which you mention as Apigee Token in answer above). In this https://www.okta.com/sites/default/files/okta_apigee-data-sheet_20180618.pdf, Apigee is not generating any token as well (is how I read it). If Apigee is to provide a Token then will I need to not register User in Apigee also and if so, I would want to avoid adding users to Apigee as we have Okta+AD for that. May be I am not understanding this plumbing well and will need some advice from community and how others have done it. Thanks.

Follow this Question

Answers Answers and Comments

74 People are following this question.

avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image

Related Questions

Get OAuthV2 Info 3 Answers

Apigee & Azure Active directory integration - External Identity provider 2 Answers

SAP ECC 6.0 integration with APIGEE using Gateway, ODATA and OAUTH 2.0 1 Answer

APIGEE proxy for Google Cloud Identity (IDP) SAML integration 1 Answer

Is there any documentation or steps for Apigee integration with WSO2 IDAM? 0 Answers

  • Products
    • Edge - APIs
    • Insights - Big Data
    • Plans
  • Developers
    • Overview
    • Documentation
  • Resources
    • Overview
    • Blog
    • Apigee Institute
    • Academy
    • Documentation
  • Company
    • Overview
    • Press
    • Customers
    • Partners
    • Team
    • Events
    • Careers
    • Contact Us
  • Support
    • Support Overview
    • Documentation
    • Status
    • Edge Support Portal
    • Privacy Policy
    • Terms & Conditions
© 2021 Apigee Corp. All rights reserved. - Apigee Community Terms of Use - Powered by AnswerHub
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Create an article
  • Post an idea
  • Spaces
  • Product Announcements
  • General
  • Edge/API Management
  • Developer Portal (Drupal-based)
  • Developer Portal (Integrated)
  • API Design
  • APIM on Istio
  • Extensions
  • Business of APIs
  • Academy/Certification
  • Adapter for Envoy
  • Analytics
  • Events
  • Hybrid
  • Integration (AWS, PCF, Etc.)
  • Microgateway
  • Monetization
  • Private Cloud Deployment
  • 日本語コミュニティ
  • Insights
  • IoT Apigee Link
  • BaaS/Usergrid
  • BaaS Transition/Migration
  • Apigee-127
  • New Customers
  • Explore
  • Topics
  • Questions
  • Articles
  • Ideas
  • Badges