Short notes of things that I have learnt or have got my hands dirty with. Short summary sometimes or some analysis in some cases. Blogs on various frameworks, tools and techniques in developing JEE and related applications.
Jul 25, 2018
Implementing oAuth with Apigee
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 async="false" continueOnError="false" enabled="true" name="OAuth-v20-1">
<DisplayName>OAuth v2.0-1</DisplayName>
<Properties/>
<Attributes/>
<ExternalAuthorization>false</ExternalAuthorization>
<Operation>VerifyAccessToken</Operation>
<SupportedGrantTypes/>
<GenerateResponse enabled="true"/>
<Tokens/>
</OAuthV2>
Now this is protected by oAuth on server so we need service to generate oAuth token. Create a product that exposes this API and App that has access to this Product. Note the Client id and Client secret of this Developer app and get the Base64 encoded value of string <client_id>:<client_secret>.
Set this value in Basic authorisation as shown.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 async="false" continueOnError="false" enabled="true" name="OAuth-v20-1">
<DisplayName>OAuth v2.0-1</DisplayName>
<ExpiresIn>180000</ExpiresIn>
<Operation>GenerateAccessToken</Operation>
<SupportedGrantTypes>
<GrantType>client_credentials</GrantType>
</SupportedGrantTypes>
<GrantType>request.header.grant_type</GrantType>
<GenerateResponse enabled="true"/>
</OAuthV2>
Now send a request for oAuth from postman as
Note down the token returned by this call and set it in header while sending request to actual API.
Congratulations...you were able to get the response from API that is protected by oAuth.
Subscribe to:
Posts (Atom)