Welcome to the home page for OAuth on Apigee. This landing page provides links to documentation, samples, and other resources related to using OAuth on Apigee.
The OAuth 2.0 framework
Secure your APIs with OAuth 2.0. This section lists resources, sample code, videos, and other topics to help you be successful using OAuth 2.0 on Apigee!
This collection of resources will help you get up to speed on OAuth 2.0.
- Introduction to OAuth 2.0 -- Covers basic OAuth 2.0 concepts and terms. Focuses using OAuth on Apigee.
- Apigee training and certifications:
- Apigee offers online training for API developers, including a course on API security, which includes OAuth.
- IETF Specification -- Apigee highly recommends that you review this specification. It includes a good basic introduction and conceptual overview.
- OAuth the Big Picture, a free Apigee e-book.
Implement the grant type flows
Apigee provides working samples of each OAuth 2.0 grant type to help you get started. The samples represent best practices and demonstrate how to implement OAuth grant types on Apigee.
- Implementing the client credentials grant type - Introduces the grant type, with an emphasis on the steps you need to follow to implement this grant type on Apigee.
- Sample implementation -- Check out this sample on our api-samples repo on GitHub.
- Implementing the authorization code grant type -- Introduces the grant type, with an emphasis on the steps you need to follow to implement this grant type on Apigee.
- Sample implementation -- Check out this advanced sample on our api-samples repo on GitHub. You can clone the sample, deploy it, and run it. For details, see the README file. It includes a robust login app that authenticates users and communicates securely with the authorization server.
- Requesting tokens: Implicit grant type -- Shows how to request tokens with the implicit grant type.
Resource owner password credentials
- Implementing the password grant type -- Introduces the grant type, with an emphasis on the steps you need to follow to implement this grant type on Apigee.
Quick how-to topics
These topics give you quick context and concise steps for handling common OAuth 2.0 tasks:
- Configuring a new API proxy
- Registering client apps
- Obtaining client credentials
- Configuring OAuth endpoints and policies
- Requesting tokens and auth codes
- Customizing access tokens
- Approving and revoking access tokens
- Sending an access token
- Verifying access tokens
- Working with scopes
- Advanced topics
These topics provide detailed reference information on the policies and APIs that directly support OAuth 2.0 on Apigee.
OAuthV2 Policies: These policies allow you to implement and customize
the four OAuth 2.0 grant types on Apigee:
- OAuthV2 policy: The heart of the Apigee OAuth 2.0 implementation. It lets you configure OAuth 2.0 operations on Apigee that generate access and refresh tokens, issue authorization codes, and validate tokens. This topic includes code samples to help illustrate how things work.
- GetOAuthV2Info policy: Gets attributes of tokens and makes them available to policies and code executing in an API proxy. This policy type can be useful when you need to configure dynamic, conditional behavior based on a value in an access token. See also Customizing access tokens.
- SetOAuthV2Info policy: Updates the profile of an access token. For example, you may want to embed a tag that is unique to your business. See also Customizing access tokens.
- OAuth 2.0 error codes