Implementing Password grant type OAuth 2.0 with Apigee
Introduction
The Password grant type is an OAuth 2.0 grant type used in trusted environments, where the application and the OAuth endpoint on Apigee Edge that generates access tokens have a high degree of mutual trust. The client app collects the user's credentials and sends them to that endpoint; if the credentials are valid, Apigee Edge returns an access token to the client app. You can visit this blog about OAuth.
Password grant type use cases
The typical use cases for the password grant flow are highly privileged and trusted environments, because end-user authorization is needed. The consuming app provides a login screen for the end user to enter their credentials.
Grant Flow actors
Actors that participate in the OAuth flow are as follows:
Client App -- The app that needs access to the user's protected resources. Typically, with this flow, the app runs on a server rather than locally on the user's laptop or device.
OAuth API -- Acts as the authorization server. Its role is to generate and validate access tokens.
Mocked API Proxy -- The API proxy that protects and routes requests to the final destination (the mock in this case). It validates the tokens using the OAuth API and then allows the resource to be consumed.
OAuth 2 Proxy configuration
As the authorization server, the OAuth API processes requests for access tokens. You need to create a proxy with a custom flow to handle access token requests, and then add and configure an OAuthV2 policy. To see how an API proxy is created, you can visit this other post, creating an API with Apigee; bear in mind that this proxy does not need a backend (No target type).
1. Create a new flow
2. Configure the flow to have the following configuration:
<Flows>
  <Flow name="AccessToken">
    <Condition>proxy.pathsuffix == "/accesstoken"</Condition>
    <Request>
      <!-- The OAuthV2 policy verifies the client credentials only; a step that
           validates the username/password against your identity store belongs
           here, before GetAccessToken -->
      <Step><Name>GetAccessToken</Name></Step>
    </Request>
  </Flow>
</Flows>
3. Add an OAuth v2 policy with the following configuration
<OAuthV2 name="GetAccessToken">
  <Operation>GenerateAccessToken</Operation>
  <!-- Token lifetime in milliseconds -->
  <ExpiresIn>360000000</ExpiresIn>
  <SupportedGrantTypes>
    <GrantType>password</GrantType>
  </SupportedGrantTypes>
  <!-- These elements name the flow variables the policy reads the grant type
       and the user credentials from; they must match the form parameters the
       client sends (see the cURL request below) -->
  <GrantType>request.formparam.grant_type</GrantType>
  <UserName>request.formparam.username</UserName>
  <PassWord>request.formparam.password</PassWord>
  <GenerateResponse/>
</OAuthV2>
4. Now you can save the OAuth proxy
Test the Apigee OAuth API Proxy using Apigee and Curl
You can test your OAuth API using cURL or a web browser.
In order to request an access token you should prepare the HTTP Basic authentication credentials by following these steps:
Concatenate client_id and client_secret, separated by a colon (client_id:client_secret)
Base64-encode the result
Prepare an Authorization header like:
Authorization: Basic dHdvIG11Y2ggaGlkZGVuIHNlY3JldHM=
In a terminal window, run the following cURL command, replacing <org_name> with your organization name in the URL.
curl -i -H 'Content-Type: application/x-www-form-urlencoded' -X POST 'http://<org_name>-test.apigee.net/oauth/accesstoken' -d 'grant_type=password&username=the-user-name&password=the-users-password' -H 'Authorization: Basic dHdvIG11Y2ggaGlkZGVuIHNlY3JldHM='
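The same token request wrapped in POSIX shell functions, as an added example that is not part of the original post. It assumes the environment variables APIGEE_ORG, CLIENT_ID, CLIENT_SECRET, USER_NAME and USER_PASS for the values the post leaves as placeholders, uses https rather than the http of the command above, lets curl's --data-urlencode encode the credentials so a password containing '&' or '%' survives form encoding, and extracts access_token from the JSON body that <GenerateResponse/> returns.

```shell
#!/bin/sh
# Added example (not from the original post): password-grant token request
# against the Apigee OAuth proxy described above.
# Assumed environment: APIGEE_ORG, CLIENT_ID, CLIENT_SECRET, USER_NAME, USER_PASS.

# Value of the Authorization header: base64("client_id:client_secret"),
# with the trailing newline that base64 prints stripped.
basic_auth_value() {
  printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Token endpoint for an organization, over TLS.
token_url() {
  printf 'https://%s-test.apigee.net/oauth/accesstoken' "$1"
}

# POST the password grant. --data-urlencode percent-encodes reserved
# characters in the username and password, which a hand-written -d string
# would silently corrupt.
request_token() {
  org="$1"; cid="$2"; csec="$3"; user="$4"; pass="$5"
  curl -sS -X POST "$(token_url "$org")" \
    -H "Authorization: Basic $(basic_auth_value "$cid" "$csec")" \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'grant_type=password' \
    --data-urlencode "username=$user" \
    --data-urlencode "password=$pass"
}

# Pull the access_token field out of the JSON response on stdin.
extract_access_token() {
  sed -n 's/.*"access_token" *: *"\([^"]*\)".*/\1/p'
}

# Usage: only runs when the assumed variables are set, so the functions can
# be sourced and inspected without contacting Apigee.
if [ -n "${APIGEE_ORG:-}" ]; then
  request_token "$APIGEE_ORG" "$CLIENT_ID" "$CLIENT_SECRET" \
    "$USER_NAME" "$USER_PASS" | extract_access_token
fi
```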