You're viewing Apigee Edge documentation.
Go to the
Apigee X documentation. info
Welcome to the home page for OAuth on Apigee Edge. This landing page provides links to documentation, samples, and other resources related to using OAuth on Apigee Edge.
The OAuth 2.0 framework
Secure your APIs with OAuth 2.0. This section lists resources, sample code, videos, and other topics to help you be successful using OAuth 2.0 on Apigee Edge!
Learn about OAuth 2.0
This collection of resources will help you get up to speed on OAuth 2.0.
-
Apigee documentation:
- Introduction to OAuth 2.0 -- Covers basic OAuth 2.0 concepts and terms. Focuses using OAuth on Apigee Edge.
- Apigee training and certifications:
- Apigee offers online training for API developers, including a course on API security, which includes OAuth.
-
IETF Specification:
- IETF Specification -- Apigee highly recommends that you review this specification. It includes a good basic introduction and conceptual overview.
-
Apigee e-book and video:
- OAuth the Big Picture, a free Apigee e-book.
- OAuth the Big Picture, a free Apigee webcast.
Implement the grant type flows
Apigee provides working samples of each OAuth 2.0 grant type to help you get started. The samples represent best practices and demonstrate how to implement OAuth grant types on Apigee Edge.
Client credentials
- Implementing the client credentials grant type - Introduces the grant type, with an emphasis on the steps you need to follow to implement this grant type on Apigee Edge.
- Sample implementation -- Check out this sample on our api-samples repo on GitHub.
- API security (includes OAuth)
Authorization code
- Implementing the authorization code grant type -- Introduces the grant type, with an emphasis on the steps you need to follow to implement this grant type on Apigee Edge.
- Sample implementation -- Check out this advanced sample on our api-samples repo on GitHub. You can clone the sample, deploy it, and run it. For details, see the README file. It includes a robust login app that authenticates users and communicates securely with the authorization server.
Implicit
- Requesting tokens: Implicit grant type -- Shows how to request tokens with the implicit grant type.
Resource owner password credentials
- Implementing the password grant type -- Introduces the grant type, with an emphasis on the steps you need to follow to implement this grant type on Apigee Edge.
Quick how-to topics
These topics give you quick context and concise steps for handling common OAuth 2.0 tasks:
- Configuring a new API proxy
- Registering client apps
- Obtaining client credentials
- Configuring OAuth endpoints and policies
- Requesting tokens and auth codes
- Customizing access tokens
- Approving and revoking access tokens
- Sending an access token
- Verifying access tokens
- Working with scopes
- Advanced topics
Policy and API references
These topics provide detailed reference information on the policies and APIs that directly support OAuth 2.0 on Edge.
-
OAuthV2 Policies -- These policies allow you to implement and customize
the four OAuth 2.0 grant types on Apigee Edge:
- OAuthV2 policy -- The heart of the Apigee Edge OAuth 2.0 implementation. It lets you configure OAuth 2.0 "operations" on Apigee Edge that generate access and refresh tokens, issue authorization codes, and validate tokens. This topic includes code samples to help illustrate how things work.
- GetOAuthV2Info policy -- Gets attributes of tokens and makes them available to policies and code executing in an API proxy. This policy type can be useful when you need to configure dynamic, conditional behavior based on a value in an access token. See also Customizing access tokens.
- SetOAuthV2Info policy -- Updates the profile of an access token. For example, you may want to embed a tag that is unique to you business. See also Customizing access tokens.
- OAuth 2.0 error codes
- OAuth 2.0 APIs -- Apigee provides these APIs for working with OAuth 2.0 endpoints.
The OAuth 1.0a framework
OAuth 1.0a defines a standard protocol that enables app users to authorize apps to consume APIs on their behalf, without requiring app users to disclose their passwords to the app in the process.
OAuth 1.0a policy reference
The OAuthV1 policy reference explains how to configure an OAuth v1.0a plicy. The OAuthV1 policy type is responsible for generating request tokens, generating access tokens, and verifying access tokens based on the OAuth 1.0a specification.
OAuth 1.0a APIs
Apigee provides APIs for working with OAuth 1.0a endpoints.
OAuth 1.0a sample on GitHub
This sample API proxy on GitHub illustrates an OAuth 1.0a three-legged configuration. You can download and run this code.
Name | Description |
---|---|
oauth10a-3legged | Demonstrates an OAuth 1.0a three-legged configuration. |