
Developer App on Apigee and Azure/Okta - Sync up & Authorization

Hi, most IdPs such as Azure and Okta allow developer apps to be created on their platform.

What are the criteria to decide whether we create the developer app on Apigee vs. Okta/Azure (take the client credentials flow only)? What are the advantages of creating the app on Okta/Azure?

If I have an app on Okta etc. that gives me a token, I would still need to create an app on Apigee which I would associate with an API Product (i.e. resources). Is the approach to have two apps being used by other members in Apigee projects?

What would be the role of Okta/IdP here then? Is it only to generate the token? Can I also associate resources, in terms of Apigee endpoints, there as well?

In a previous post answered by @Dino-at-Google, he mentioned synchronizing client IDs/secrets so we maintain only a single pair:

https://docs.apigee.com/api-platform/publish/import-existing-consumer-keys-and-secrets

Is this something done using custom scripts?

I have also referred to the help doc:

https://docs.apigee.com/api-platform/security/oauth/use-third-party-oauth-system

I think here the token generation request routes through Apigee, and it communicates with the IdP using externalauthorization=true.

For authorization it recommends using OAuthV2 policies, as the token was generated via Apigee, so it was stored and can be verified.

So this is different from the use case I mentioned, as in our case the client would have already got the token from the IdP, and then when it comes to Apigee it needs to validate the same and allow access to the resource.

In the previous posts priyadarshi mentioned implementing the use case I mentioned:

https://community.apigee.com/questions/88720/client-credentials-provided-by-azure-ad-vs-apigee.html

Don't want to confuse, but there could also be complications if we get the Dev Portal into the picture, where developers can create their own apps on Apigee and associate apps. This app would be on Apigee and may not have its counterpart on Okta/Azure.

I am unsure how these apps on two different systems would stay in sync, and what the best practices are, keeping different OAuth grant types in consideration.

Please share your thoughts.

thanks,

Aakash
