Hi All,
I have a requirement where I need to authenticate users of my web application using Okta's SAML flow.
Once the user is in, the app will make some calls to APIs proxied and secured via Apigee using OAuth.
I need to be able to exchange my SAML assertion/token received from Okta to receive a valid OAuth token from Apigee for the user, so that I can keep making calls to those services.
Does Apigee provide such an API or capability for such an exchange? If not, is there another solution it offers to this problem?
Thanks,
Leo
The OAuth2 framework specification (RFC 6749) describes some "standard" ways for clients to request tokens, and receive tokens.
Later, RFC 7522 augmented that spec by describing a way to exchange a SAML Assertion for an OAuth token.
SAML 2.0 Profile for OAuth 2.0 Client Auth Grants
RFC 7522 describes how a SAML Assertion can be used to request an access token when a client wishes to utilize an existing trust relationship, expressed through the semantics of the SAML Assertion, without a direct user approval step at the authorization server. It also defines how a SAML Assertion can be used as a client authentication mechanism.
and, a looong time ago Nandan produced an example showing how to implement this SAML-for-OAuth token exchange using Apigee. The example is available here. I suppose it still works.
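To make the RFC 7522 exchange described above concrete, here is an added example (not part of the answer, and not Nandan's Apigee sample) showing both sides of the grant: the client encodes the SAML assertion into the token request body, and the token endpoint performs the checks the RFC requires before it will issue an access token (issuer, validity window, audience, bearer subject confirmation). The issuer and endpoint URLs, the assertion contents and the subject are all constructed for the demo. XML signature verification is deliberately left to an XML-DSig library and assumed to have passed before these checks run; none of the fields below can be trusted without it.

```python
"""RFC 7522 SAML 2.0 bearer assertion grant: client request and token-endpoint checks.

Added example; hypothetical identifiers throughout, no real tenant or endpoint.
"""
import base64
import datetime as dt
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

SAML_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:saml2-bearer"
BEARER_METHOD = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample identifiers for the demo (assumptions, not real systems).
TRUSTED_ISSUER = "https://idp.example.com/saml"
TOKEN_ENDPOINT = "https://api.example.com/oauth2/token"


def build_assertion(subject, issuer, audience, not_before, not_on_or_after):
    """Return a minimal SAML 2.0 assertion (constructed for the demo, unsigned)."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="_demo" Version="2.0" IssueInstant="{not_before}">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        "<saml:Subject>"
        f"<saml:NameID>{subject}</saml:NameID>"
        f'<saml:SubjectConfirmation Method="{BEARER_METHOD}">'
        f'<saml:SubjectConfirmationData NotOnOrAfter="{not_on_or_after}" Recipient="{audience}"/>'
        "</saml:SubjectConfirmation></saml:Subject>"
        f'<saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}">'
        f"<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>"
        "</saml:Conditions></saml:Assertion>"
    )


def build_token_request(assertion_xml, scope=None):
    """Client side: form body for the POST to the token endpoint (RFC 7522 section 2.1).

    The assertion is base64url-encoded with the '=' padding stripped, as the RFC
    recommends so the value needs no further form encoding.
    """
    encoded = base64.urlsafe_b64encode(assertion_xml.encode()).decode().rstrip("=")
    params = {"grant_type": SAML_BEARER_GRANT, "assertion": encoded}
    if scope:
        params["scope"] = scope
    return urlencode(params)


def _ts(value):
    """Parse a SAML UTC timestamp such as 2024-01-01T12:00:00Z into an aware datetime."""
    return dt.datetime.fromisoformat(value.replace("Z", "+00:00"))


def _in_window(now, not_before, not_on_or_after):
    """True when now lies inside [NotBefore, NotOnOrAfter); missing bounds fail closed."""
    if not_before is None or not_on_or_after is None:
        return False
    return _ts(not_before) <= now < _ts(not_on_or_after)


def validate_bearer_assertion(form_body, now, trusted_issuer, audience):
    """Token-endpoint side: checks made before issuing an access token.

    Returns the asserted subject (NameID) or raises ValueError. Assumes the XML
    signature over the raw assertion was already verified by an XML-DSig library.
    """
    form = parse_qs(form_body, strict_parsing=True)
    if form.get("grant_type") != [SAML_BEARER_GRANT]:
        raise ValueError("unsupported grant_type")
    encoded = form["assertion"][0]
    raw = base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))  # restore padding
    root = ET.fromstring(raw)
    if root.tag != f"{{{NS['saml']}}}Assertion":
        raise ValueError("not a SAML assertion")
    if root.findtext("saml:Issuer", namespaces=NS) != trusted_issuer:
        raise ValueError("untrusted issuer")
    cond = root.find("saml:Conditions", NS)
    if cond is None or not _in_window(now, cond.get("NotBefore"), cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        raise ValueError("assertion not intended for this token endpoint")
    conf = root.find("saml:Subject/saml:SubjectConfirmation", NS)
    if conf is None or conf.get("Method") != BEARER_METHOD:
        raise ValueError("subject confirmation is not bearer")
    data = conf.find("saml:SubjectConfirmationData", NS)
    if data is None or data.get("Recipient") != audience:
        raise ValueError("bearer confirmation recipient mismatch")
    if data.get("NotOnOrAfter") is None or now >= _ts(data.get("NotOnOrAfter")):
        raise ValueError("bearer confirmation expired")
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not subject:
        raise ValueError("missing subject")
    return subject


if __name__ == "__main__":
    assertion = build_assertion("leo@example.com", TRUSTED_ISSUER, TOKEN_ENDPOINT,
                                "2024-01-01T11:59:00Z", "2024-01-01T12:05:00Z")
    body = build_token_request(assertion, scope="read")
    print(validate_bearer_assertion(body, _ts("2024-01-01T12:00:00Z"),
                                    TRUSTED_ISSUER, TOKEN_ENDPOINT))
```

The audience and Recipient checks are what stop an assertion minted for one service from being replayed at another token endpoint, and the short NotOnOrAfter window limits how long a captured assertion stays useful; both belong on the token endpoint regardless of which gateway product fronts it.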