Welcome to the lab on Apigee Integration with Okta!
The goal of this lab is to walk you through configuring and using the Apigee Identity Facade to integrate with Okta and authenticate users.
We assume basic knowledge of the Apigee platform; you will get the most from this hackathon if you have it.
Ideally you will have completed the Coursera Apigee Design, Development and Security Courses.
Alternatively, completing the Apigee API Jam will cover the same topics in less depth.
Let's get started!
Here are the tools needed to complete the tasks:
The URL configured in the Apigee Environment group is needed so Okta can be configured with the correct redirection setting.
Use Apigee UI
https://{env group hostname}/v1/oauth20/callback
https://34.149.2.239.nip.io/v1/oauth20/callback
export TEST_IDP_APIGEE_CLIENT_ID={Client ID above}
export TEST_IDP_APIGEE_CLIENT_SECRET={Client Secret above}
export IPD_HOSTNAME={Okta domain above}
git clone https://github.com/apigee/devrel.git
cd devrel/references/identity-facade
export IDP_DISCOVERY_DOCUMENT="https://$IPD_HOSTNAME/.well-known/openid-configuration"
export APIGEE_X_ORG={your org name}
export APIGEE_X_ENV={Apigee environment name. Default is eval}
export APIGEE_X_HOSTNAME={your Apigee hostname ex:34.149.2.239.nip.io}
echo $IDP_DISCOVERY_DOCUMENT
echo $TEST_IDP_APIGEE_CLIENT_ID
echo $TEST_IDP_APIGEE_CLIENT_SECRET
echo $APIGEE_X_ORG
echo $APIGEE_X_ENV
echo $APIGEE_X_HOSTNAME
./pipeline.sh --googleapi
export APIGEE_CLIENT_ID={consumerKey above}
export APIGEE_SECRET={consumerSecret above}
# Strip newlines: base64 wraps long output, which would break the Basic header
export BASE64_ENCODED=$(printf '%s' "$APIGEE_CLIENT_ID:$APIGEE_SECRET" | base64 | tr -d '\n')
This test simulates a three-legged OAuth 2.0 flow (authorization code grant).
export AUTH_URL="https://$APIGEE_X_HOSTNAME/v1/oauth20/authorize?client_id=$APIGEE_CLIENT_ID&response_type=code&scope=openid%20email%20profile&state=abcd-1234&redirect_uri=https://mocktarget.apigee.net/echo"
echo $AUTH_URL
https://mocktarget.apigee.net/echo
providing the authorization_code and initial state parameters.
export AUTH_CODE={authorization code returned above}
export APIGEE_RESPONSE=$(curl -s --location --request POST "https://$APIGEE_X_HOSTNAME/v1/oauth20/token?client_id=$APIGEE_CLIENT_ID" \
--header "Authorization: Basic $BASE64_ENCODED" \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'redirect_uri=https://mocktarget.apigee.net/echo' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode "code=$AUTH_CODE")
echo $APIGEE_RESPONSE
export ACCESS_TOKEN=$(echo $APIGEE_RESPONSE | jq -r .access_token)
echo $ACCESS_TOKEN
curl --location --request GET "https://$APIGEE_X_HOSTNAME/v1/oauth20/protected" \
--header "Authorization: Bearer $ACCESS_TOKEN"
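The authorization URL in this lab sends a fixed state value (abcd-1234). Outside a lab, the client generates a fresh state per request and accepts the authorization code only if the redirect returns the same value. The script below is an added example, not part of the lab or the devrel repository. Its function names are hypothetical, and it assumes the code and state arrive as query parameters on the redirect_uri.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not part of the devrel repo.

# 128 random bits as hex: an unguessable, per-request state value.
new_state() {
  od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the raw (not URL-decoded) value of query parameter $2 in URL $1.
query_param() (
  url=$1 name=$2
  case $url in *\?*) ;; *) exit 1 ;; esac
  query=${url#*\?}      # keep what follows the first '?'
  query=${query%%#*}    # drop any fragment
  IFS='&'; set -f       # split on '&' without glob expansion (subshell only)
  for pair in $query; do
    case $pair in
      "$name="*) printf '%s\n' "${pair#*=}"; exit 0 ;;
    esac
  done
  exit 1
)

# Print the authorization code only when the redirect echoes our state.
# Exit status: 2 = error response, 3 = state missing/mismatched, 4 = no code.
extract_auth_code() (
  redirect_url=$1 expected_state=$2
  if err=$(query_param "$redirect_url" error); then
    echo "authorization failed: $err" >&2; exit 2
  fi
  got_state=$(query_param "$redirect_url" state) || got_state=
  if [ -z "$expected_state" ] || [ "$got_state" != "$expected_state" ]; then
    echo "state mismatch, discarding response" >&2; exit 3
  fi
  code=$(query_param "$redirect_url" code) || exit 4
  [ -n "$code" ] || exit 4
  printf '%s\n' "$code"
)

# Constructed sample of the URL the browser lands on after the Okta login.
STATE=$(new_state)
SAMPLE_URL="https://mocktarget.apigee.net/echo?code=CONSTRUCTED-CODE&state=$STATE"
AUTH_CODE=$(extract_auth_code "$SAMPLE_URL" "$STATE") && echo "AUTH_CODE=$AUTH_CODE"
```

To use it with the lab flow, put state=$STATE in AUTH_URL in place of the fixed value and pass the URL from the browser's address bar as the first argument.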
Congratulations! You've now successfully integrated your Apigee environment with a 3rd party IDP, Okta, and secured your API using OAuthV2 tokens.