Welcome to the home page for OAuth on Apigee Edge. This landing page provides links to documentation, samples, and other resources related to using OAuth on Apigee Edge. 

The OAuth 2.0 framework

Secure your APIs with OAuth 2.0. This section lists resources, sample code, videos, and other topics to help you be successful using OAuth 2.0 on Apigee Edge!

Apigee recommends choosing the OAuth 2.0 framework rather than OAuth 1.0a whenever possible.

Learn about OAuth 2.0

This collection of resources will help you get up to speed on OAuth 2.0. 

Implement the grant type flows

Apigee provides working samples of each OAuth 2.0 grant type to help you get started. The samples represent best practices and demonstrate how to implement OAuth grant types on Apigee Edge. 

Client credentials

  • Implementing the client credentials grant type -- Introduces the grant type, with an emphasis on the steps you need to follow to implement this grant type on Apigee Edge.
  • Sample implementation -- Check out this sample on our api-samples repo on GitHub.
  • Tutorial -- End-to-end tutorial shows how to protect an API with OAuth 2.0 using out-of-the-box configurations.
  • Foundation training -- The OAuth 2.0 client credentials grant type is covered in Part 6, Lessons 3 and 4 of this Apigee Academy free course. 

Authorization code

  • Implementing the authorization code grant type -- Introduces the grant type, with an emphasis on the steps you need to follow to implement this grant type on Apigee Edge. 
  • Sample implementation -- Check out this advanced sample on our api-samples repo on GitHub. You can clone the sample, deploy it, and run it. For details, see the README file. It includes a robust login app that authenticates users and communicates securely with the authorization server.

Implicit

  • (Coming soon) Implicit grant type overview
  • (Coming soon) Sample implementation

Resource owner password credentials

  • (Coming soon) Password credentials overview
  • (Coming soon) Sample implementation 
  • Foundation training -- The OAuth 2.0 resource owner password grant type is covered in Part 6, Lessons 6 and 7 of this Apigee Academy free course.

Quick how-to topics

These topics give you quick context and concise steps for handling common OAuth 2.0 tasks:

Policy and API references

These topics provide detailed reference information on the policies and APIs that directly support OAuth 2.0 on Edge.

  • OAuthV2 Policies -- These policies allow you to implement and customize the four OAuth 2.0 grant types on Apigee Edge:
    • OAuthV2 policy -- The heart of the Apigee Edge OAuth 2.0 implementation. It lets you configure OAuth 2.0 "operations" on Apigee Edge that generate access and refresh tokens, issue authorization codes, and validate tokens. This topic includes code samples to help illustrate how things work. 
    • GetOAuthV2Info policy -- Gets attributes of tokens and makes them available to policies and code executing in an API proxy. This policy type can be useful when you need to configure dynamic, conditional behavior based on a value in an access token. See also Customizing access tokens.
    • SetOAuthV2Info policy -- Updates the profile of an access token. For example, you may want to embed a tag that is unique to your business. See also Customizing access tokens.
  • OAuth 2.0 error codes
  • OAuth 2.0 APIs -- Apigee provides these APIs for working with OAuth 2.0 endpoints.

The OAuth 1.0a framework

OAuth 1.0a defines a standard protocol that enables app users to authorize apps to consume APIs on their behalf, without requiring app users to disclose their passwords to the app in the process. 

Apigee recommends choosing the OAuth 2.0 framework rather than OAuth 1.0a whenever possible.

OAuth 1.0a policy reference

The OAuthV1 policy reference explains how to configure an OAuth v1.0a policy. The OAuthV1 policy type is responsible for generating request tokens, generating access tokens, and verifying access tokens based on the OAuth 1.0a specification. The OAuth

OAuth 1.0a APIs

Apigee provides APIs for working with OAuth 1.0a endpoints. 

OAuth 1.0a sample on GitHub

This sample API proxy on GitHub illustrates an OAuth 1.0a three-legged configuration. You can download and run this code.

  • oauth10a-3legged -- Demonstrates an OAuth 1.0a three-legged configuration.
