Announcements
This site is in read only until July 22 as we migrate to a new platform; refer to this community post for more details.
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.

configure Apigee to ignore Authorization Header

Not applicable

Hi

We are using client_credentials flow of Oauth 2.0.

We pass the following in token request:

1) client_id and client-secret as form parameters. Apigee should use these for validation when creating access_token.

2) Second set of credentials in Authorization header. Apigee should ignore Authorization header.

Those are used by our custom code during token creation.

Problem: Apigee reads Authorization header and ignores form parameters (client_id/client_secret). (Though Apigee correctly uses client_id/secret if Authorization header is not passed.)

Question:

How to configure Apigee so it ignores Authorization header and uses client_id and client_secret which are passed as form parameters?

I would appreciate any suggestions.

Regards

0 2 832
2 REPLIES 2