This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Backend OAuth token expiry management

Posted on 07-11-2021 03:24 AM
dmudro
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Am exploring Apigee Edge to be used in the context of following layers:

client browser / app -> my serverless functions -> Apigee proxy -> several external backend services

The backend services are REST with "classic" OAuth 2 access token which after expiry must be renewed with a refresh token. Obviously each backend has their own set of OAuth credentials (client id, secret, access token, refresh token).

Now I'd like to let Apigee manage that token renewal process, ideally it can store the refresh token and can have a simple renewal logic programmed in when querying the backend REST: "if-access-token-expired-then-fetch-a-new-one-with-this-refresh-token-and-continue-with-request" .

How to do this?

Am I looking at the problem from the right angle or there is more suitable solution in the Apigee world given the layers above?

 

 

Solved Solved
0 1 1,025
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
Denis_KALITVI
Silver 2
Silver 2
Reply posted on --/--/---- --:-- AM

You need to implement this logic as part of shared-flow (I would do that).

In this scenario I see Apigee =>>>> backend, right? Who managed the OAUTH2? Backend? If this is system-to-system call, why wont you use client_credential grant_type and you dont need any refresh tokens, just generate new one or write logic that will check the timestamp of the generated token and issue new one. 

 

If this is not the case, I would suggest:

The logic goes: 

- generate access_token based on XYZ logic, and store it to cache with multiple keys: [token|expiration date]

- next time you will get the cache value, check if time now > token expiration, if yes - regenerate token and restore it to cache, if not - grab the token and pass it to backend. 

View solution in original post

Jump to Solution
1 REPLY 1

Posted on --/--/---- --:-- AM
Denis_KALITVI
Silver 2
Silver 2
Reply posted on --/--/---- --:-- AM

You need to implement this logic as part of shared-flow (I would do that).

In this scenario I see Apigee =>>>> backend, right? Who managed the OAUTH2? Backend? If this is system-to-system call, why wont you use client_credential grant_type and you dont need any refresh tokens, just generate new one or write logic that will check the timestamp of the generated token and issue new one. 

 

If this is not the case, I would suggest:

The logic goes: 

- generate access_token based on XYZ logic, and store it to cache with multiple keys: [token|expiration date]

- next time you will get the cache value, check if time now > token expiration, if yes - regenerate token and restore it to cache, if not - grab the token and pass it to backend. 

Jump to Solution