Hi
I'm searching for an example of how I can make a api proxy pass OAuth scopes to a backend service so it can enforce rules on behalf of the scopes. The backend service is responsible for filtering response data on behalf of the current scope.
What is the best way of leveraging oauth policies on Apigee, but at the same time being able to pass/get oauth scopes in the backend service from eg. an oauth access token.
Answer by Dino-at-Google
·
Apr 24, 2020 at 02:07 PM
The OAuthV2 VerifyAccessToken policy will set a context variable "scope" upon verification of a good token.
You can then use an AssignMessage to inject a header into the request that carries that information.
Example
<AssignMessage name='AM-InjectScopeHeader'> <Set> <Headers> <Header name='Scope-from-Apigee'>{scope}</Header> </Headers> </Set> </AssignMessage>
If you attach that. AssignMessage policy to the request flow, the upstream system will receive a header with the scopes on the verified token.
Create and Manage APIs: OAuth 2.0: Client Credentials 3 Answers
How to register a third party Access token obtained by using a third party refresh token 0 Answers
OAuth custom flow 2 Answers
Invalid access token when request to an Apigee API 2 Answers
Does Apigee Allow ResourceFiles from Org/Env Level to be Used Directly in a Step? 1 Answer