Apigee OAuth Tester in Powershell

on Monday, February 5, 2018

New Apigee instances/organizations come with a built-in OAuth 2.0 server. Their default security mechanism is an API Key, but they fully support OAuth 2.0 right out of the box.

A new instance will come with an active OAuth 2.0 endpoint deployed to your Dev, Test, and Prod instances.

The default OAuth 2.0 endpoint is very similar to this proxy example. However, the tutorial on Apigee’s website sends the grant_type as a form parameter, so a quick swap changes the grant_type lookup to read the form parameter instead.

Once that’s changed over, you’ll need to request an access token from the endpoint. To do this, go into one of your applications and get the client_id and client_secret.

And now we can throw this info into a PowerShell script to get back our bearer token:

$apigeeHost = "{organization}-{environment}.apigee.net"
$clientId = "{your client id}"
$clientSecret = "{your client secret}"

$authUrl = "https://$apigeeHost/oauth/client_credential/accesstoken"
$authHeaders = @{
    "Content-Type" = "application/x-www-form-urlencoded"
}
$authBody = "grant_type=client_credentials" + `
            "&client_id=$clientId" + `
            "&client_secret=$clientSecret"

# Use the variables defined above ($authHeaders, $authBody, $authUrl)
$authResponse = Invoke-WebRequest -Method POST -Headers $authHeaders -Body $authBody -Uri $authUrl

if($authResponse.StatusCode -ne 200) {
    throw ("Authorization Failure`r`n" + $authResponse)
}

$authInfo = ConvertFrom-Json $authResponse.Content

$authInfo


Before making a call to a resource, make sure to set up the resource API Proxy with an OAuth Verification.

You actually only need the <Operation>VerifyAccessToken</Operation>, but it doesn’t hurt to leave the rest.

Now that we have a bearer token, we can use it as an authorization header to make a call to our resource:

# use your resource url here
$resourceUrl = "https://$apigeeHost/sa/quartercalendar/oauth/v1/quarters?quarter=20154"
$resourceHeaders = @{
    Authorization = "Bearer $($authInfo.access_token)"
}
$resourceResponse = Invoke-WebRequest -Method GET -Uri $resourceUrl -Headers $resourceHeaders
ConvertFrom-Json $resourceResponse.Content
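
Once the verification policy is attached, it is worth confirming that the same resource refuses calls that carry no token or a made-up one. The script below is an added example, not code from the original post: the function names Get-StatusCode and Test-OAuthEnforcement are hypothetical, and the expected 401/200 status codes are assumptions about how the proxy responds.

```powershell
# Added example (not from the original post). Function names are hypothetical.
# Assumes $resourceUrl and $authInfo were set by the snippets above.

function Get-StatusCode {
    param([string]$Uri, [hashtable]$Headers = @{})
    try {
        $r = Invoke-WebRequest -Method GET -Uri $Uri -Headers $Headers -UseBasicParsing
        return [int]$r.StatusCode
    }
    catch {
        # Invoke-WebRequest throws on non-2xx; the HTTP status is on the exception.
        $resp = $_.Exception.Response
        if ($null -eq $resp) { throw }   # DNS/TLS/connect failure: no HTTP status to report
        return [int]$resp.StatusCode
    }
}

function Test-OAuthEnforcement {
    param([string]$Uri, [string]$AccessToken)

    # Expected codes are assumptions: 401 when verification fails, 200 when it passes.
    $cases = @(
        @{ Name = "no Authorization header"; Headers = @{}; Expect = 401 }
        @{ Name = "made-up bearer token"; Headers = @{ Authorization = "Bearer not-a-real-token" }; Expect = 401 }
        @{ Name = "token from the auth call"; Headers = @{ Authorization = "Bearer $AccessToken" }; Expect = 200 }
    )

    foreach ($case in $cases) {
        $actual = Get-StatusCode -Uri $Uri -Headers $case.Headers
        [pscustomobject]@{
            Case     = $case.Name
            Expected = $case.Expect
            Actual   = $actual
            Pass     = ($actual -eq $case.Expect)
        }
    }
}

$results = Test-OAuthEnforcement -Uri $resourceUrl -AccessToken $authInfo.access_token
$results | Format-Table -AutoSize

# A 200 on either of the first two rows means the proxy is serving the resource
# without VerifyAccessToken in the request flow.
if ($results | Where-Object { -not $_.Pass }) {
    throw "OAuth enforcement check failed"
}
```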
