Hello all and @dchiesa1 ,
I am very new to apigee and I have been following this tutorial for delegated oauth authentication.
https://github.com/dzuluaga/apigee-tutorials/tree/master/apiproxies/musicapi-oauth-delegated-authentication
It uses the parameter ?external_access_token=123456 to the proxy to set the access token.
My plan is using Google’s Oauth to do the following:
-
Call the https://accounts.google.com/o/oauth2/v2/auth to get the ‘code’ to exchange for a token.
-
Using the code from step 1, call https://www.googleapis.com/oauth2/v4/token with the code to get the real access token.
-
Extract the token and call the generatetoken endpoint with the parameter external_access_token={access token from google in step 2}
-
Call my OAuth protected proxy using the external access token from step 3
q1. Is this the correct way of using the Apigee and Google Oauth? I have seen a link about using extensions https://docs.apigee.com/api-platform/reference/extensions/google-authentication/google-authentication-extension-102 but I am not seeing the connector callout policy anywhere. Is it the same as ServiceCallout?
Here is my attempt to call google oauth
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
ServiceCallout async="false" continueOnError="false" enabled="true" name="Get-Access-Token">
<DisplayName>Get Access Token</DisplayName>
<Properties/>
<Request clearPayload="false" variable="myRequest">
<Set>
<Verb>POST</Verb>
<Headers>
<Header name="Content-Type">application/x-www-form-urlencoded</Header>
</Headers>
<FormParams>
<FormParam name="response_type">code</FormParam>
<FormParam name="client_id">...apps.googleusercontent.com</FormParam>
<FormParam name="scope">openid</FormParam>
<FormParam name="state">state_parameter_passthrough_value</FormParam>
<FormParam name="nonce">123456abcde}</FormParam>
<FormParam name="hd">company.com</FormParam>
<FormParam name="redirect_uri">[https://www.googleapis.com/oauth2/v4/token](https://www.googleapis.com/oauth2/v4/token)</FormParam>
</FormParams>
</Set>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
</Request>
<Response>calloutResponse</Response>
<HTTPTargetConnection>
<Properties/>
<URL>https://accounts.google.com/o/oauth2/v2/auth</URL>
</HTTPTargetConnection>
</ServiceCallout>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ExtractVariables continueOnError="false" enabled="true" name="Extract-Variables-1">
<DisplayName>Extract Variables-1</DisplayName>
<Properties/>
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
<JSONPayload>
<Variable name="expiresAt">
<JSONPath>$.code</JSONPath>
</Variable>
</JSONPayload>
<Source clearPayload="false">request</Source>
<VariablePrefix>apigee</VariablePrefix>
</ExtractVariables>
q2. Since I am planning to chain the auth and the token my redirect should be the token endpoint right? In apigee the policy flow should be service callout > extract variables > assign message (code) then do the same thing for token. Am I in the right track? Can someone please direct me to more examples of the extract variable/assign message policy?
Thank you for your time!
