Solved: {"fault":{"faultstring":"Invalid ApiKey","detail":...

sampadajoshi8 · 08-17-2020 05:21 AM

I am trying to implement external authorization OIDC flow, where in the authorization I am placing VerifyAPIKey at the first place . So client sends the request with client_id (in this case Azure AD client_id)as a query param. I am bit confused as VerifyApikey will verify Apigee client_id.

But as in the query param of the request , AzureAD's client-id is passed and hence failing with Invalid APIKey.

If I remove VerifyAPIKey it works but I need to provide hardcoded client_id in the AssignMessage Policy before calling OAuth2.0 which is not a good practice.

Please help.

Report Inappropriate Content

You need to send the client id to Oauth2.0 policy, why do you need apikey verification in the flow. Apikey verification will happen against clientid in apigee developer app. If you need to verify then map apigee clientid to the same clientid of Azure AD.

View solution in original post

Report Inappropriate Content

You need to send the client id to Oauth2.0 policy, why do you need apikey verification in the flow. Apikey verification will happen against clientid in apigee developer app. If you need to verify then map apigee clientid to the same clientid of Azure AD.

sampadajoshi8

Thank you for quick reply Priyadarshi.I will map apigee clientid to AzureAD clientid.

{"fault":{"faultstring":"Invalid ApiKey","detail":{"errorcode":"oauth.v2.InvalidApiKey"}}}