Skip to content

Latest commit

 

History

History

3rdPartyOAuthAPI

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
apiproxy
apiproxy
 
 
3rdPartyOAuthAPI.zip
3rdPartyOAuthAPI.zip
 
 
README.md
README.md
 
 

README.md

Apigee Edge and Okta Integration

This API demonstrate use of 3rd party OAuth token providers.Using this we can import externally generated access tokens, refresh tokens, or auth codes into the Edge token store.

Apigee Doc : https://docs.apigee.com/api-platform/security/oauth/use-third-party-oauth-system

We have used Okta as our OAuth provider in given example. Please create an account on Okta developer portal to work with this API.

This API accomplish below two process.

  1. How to save an external authorization code generated by Okta in Apigee Edge
  2. How to save an external access token (opaque or JWT) from Okta in Apigee Edge

Redirect URI:

  • Apigee App: Client redirect uri.
  • Okta App: Apigee redirect uri (Create a redirect endpoint in apigee oauth api).

Authorization Code Flow

  1. Client calls apigee /authorize oauth endpoint with apigee app credentials and redirect_uri.
  2. Apigee validates client_id, redirect_uri, scope and othere related fields.
  3. If validation of above is success, do following:
    • Set client_id to okta client id.
    • Set redirect_uri provided while creating okta app.
    • Send request with these params to okta authentication service
    • Okta sends auth code back to redirect uri provided. It will be an endpoint of apigee oauth API as stated above.
  4. On Apigee redirect endpoint, call OAuth policy to save the code provided by okta.
  5. Send the same code and state back to client redirect_uri.

Client --> Apigee OAuth API (/authorize) --> Okta Auth Server --> Apigee redirect endpoint(/redirect) --> Save auth code in Apigee (OAuth Policy) --> Send auth code to client redirect_uri

Token Flow

  1. Client calls the /token (POST) endpoint of apigee.
  2. Apigee have the auth code from Okta. It validates the request with those details.
  3. If validation is successful, apigee calls Okta /token endpoint to get access token for given auth code.
  4. Okta returns response back to Apigee.
  5. Apigee saves the token from Okta using OAuth Policy.
  6. Sends the response back to client.

API Flow

  1. Client calls the API with Bearer Token.
  2. Apigee validates the token using OAuth Policy (VerifyAccessToken)
  3. Apigee then validates the JWT token using JWT Verify policy.
  4. If validation is successful, api response is returned.