Scope check

geetikabeskhiya · 08-27-2020 09:04 AM

I have a set of scopes stored in apigee(KVM). I need to verify the incoming scope with my stored scopes along with access token.

assumption: I can not store the scopes in the product because my proxy a lot of conditional flow and the scopes can differ accordingly.

Any way i can so this?

Report Inappropriate Content

You can configure different products with different scopes and the products can be registered with separate developer app credentials.

This will allow a particular credentials with particular scopes. And the conditional flows can be registered with the product to which you want to allow.

For example : if you want an user read scope to 4 conditional flows, add the flows with the product and register that to a developer app credentials. The user will be able to do read using that credentials.

Similarly you can do for others.

geetikabeskhiya

Ok.. I have assume 200 flows associated with the with a single proxy. Don't you think it will be too much overhead?

Can't we do some dynamic scope checking, by passing the dynamic values to the verifyoauth? Even if I do that will I be able to run 2 3 policies in loop for all the scopes?

Report Inappropriate Content

you can use ** or * for the flows. If you are. Saying 200 separate flows in a proxy then you should restructure your proxy.This is a bad practice to create api.

Looping of policies also is bad practice in Apigee.

Inside token you can add the scope but from where do you think to get the scope information?

geetikabeskhiya

Yes it is bad practice. Oh looping of policies is bad. Ok Thanks.

The scope will be in json.

Report Inappropriate Content

Where will you store scope information?

geetikabeskhiya

in the KVM

Report Inappropriate Content

Yes, that's ok. If you want to keep in kvm, then you can add the scope to the paith token during token generation and it will be available in flow once token is verified.

geetikabeskhiya

Thanks. I will try this.