Is there a plugin for checking claims and scopes, then have the ability to restrict access to the resources? If there isn't a prebuilt plugin, how would I go about creating a custom plugin to do this?
Solved! Go to Solution.
Here's the documentation describing how to build plugins
https://docs.apigee.com/api-platform/microgateway/2.5.x/develop-custom-plugins
Here's a repo that contains the code for existing microgateway plugins
https://github.com/apigee/microgateway-plugins
In particular for examining how to validate claism on a JWT, you might want to start with the extauth plugin:
https://github.com/apigee/microgateway-plugins/tree/master/extauth
Here's the documentation describing how to build plugins
https://docs.apigee.com/api-platform/microgateway/2.5.x/develop-custom-plugins
Here's a repo that contains the code for existing microgateway plugins
https://github.com/apigee/microgateway-plugins
In particular for examining how to validate claism on a JWT, you might want to start with the extauth plugin:
https://github.com/apigee/microgateway-plugins/tree/master/extauth
In the custom plugin onrequest event, can I get the name of the proxy being executed?
I am not familiar with the code base, but... I think the proxy name is available in res.proxy in the response parameter provided to onRequest().
Yep, the res.proxy.name has what I need. Thanks for the help.