Create a Custom AppID API
The Custom AppID API handles the workflow that calls the AppID POST /token and POST /introspect endpoints, which make up the OpenID Connect / OAuth 2.0 authorization workflow. The GatewayScripts are responsible for parsing the incoming requests from the previous nodes and the outgoing responses for the next nodes.
The Custom AppID API implements the same workflow as the optional Node-RED Test Server, but embedded in the DataPower Gateway that is part of the API Connect instance.
In API Connect, create a new API
Go to the API Connect Dashboard,
From the Home menu, go to Drafts,
Go to the APIs tab,
Create a new API and click the Add + button,
Select New API,
Edit the API details:
Title: Custom AppID API,
Name, Base Path, and Version will auto-populate,
In Additional properties, for Create API using template select Default,
For Target endpoint set /introspect,
Under Security, for Identify using select None,
Check Enable CORS,
Under Gateway select DataPower Gateway,
Click Create API,
Add New Path
Go to the Paths section,
Add a new Path and click the + icon,
Rename /path-1 to /introspect,
Click the Save icon,
Add the /token and /introspect Workflow to the Policy Assembly
Go to the Policy Assembly section and click Edit assembly,
In the Assemble editor, a new assembly will load with a default invoke action,
In the Assemble editor, consecutively create 3 GatewayScripts:
From the Policies section, drag a GatewayScript node onto the workflow, to parse the credentials of the incoming request,
Rename the Title to gs - credentials,
Paste the following Gateway script into the editor window,
Save the assembly to prevent loss,
From the Policies section, drag another GatewayScript node onto the workflow, to parse the user credentials from the previous step, send a POST /token request to the OpenID Connect Identity Provider, and receive the access_token, id_token, token_type, and expires_in properties of the response,
Rename the Title to gs - token,
Paste the following Gateway script into the editor window,
Now we have the identity token, from the Policies section, drag a last GatewayScript node onto the workflow, to call the AppID POST /introspect API to validate the user's identity token,
Rename the Title to gs - introspect,
Paste the following Gateway script into the editor window,
The response of the last GatewayScript gs - introspect is a simple true|false value, which API Connect handles to return or proceed with the original API request,
From the top right menu, click the manage dropdown and select Generate a default product if you do not have an existing product,
Click Create product to create the New Product,
This will stage your new API to the Sandbox,
Click Explore and select Sandbox,
Click the POST /introspect operation in the left menu, and review the API reference values,
Copy the full URL, you need it to configure the Security Definition of your API, e.g. POST `https://api.<api region>.apiconnect.appdomain.cloud/<username>-dev/sb/custom-appid-api/introspect`,
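
An added example, not the tutorial's own GatewayScripts: the parsing and validation logic behind the gs - credentials, gs - token and gs - introspect steps, written as plain JavaScript. The Basic Authorization header as input, the password grant and all function names are assumptions; the DataPower calls that read the request and send the two POSTs are left out.

```javascript
// Added example: pure helpers only, no DataPower-specific APIs.

// gs - credentials: parse "Authorization: Basic <base64(user:pass)>" (assumed input).
function parseBasicCredentials(header) {
  const m = /^Basic\s+([A-Za-z0-9+/]+={0,2})$/i.exec(String(header || '').trim());
  if (!m) return null;                       // wrong scheme or not base64
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const i = decoded.indexOf(':');            // split on the FIRST colon only
  if (i <= 0) return null;                   // empty username or no separator
  return { username: decoded.slice(0, i), password: decoded.slice(i + 1) };
}

// gs - token: form body for POST /token (password grant is an assumption).
// URLSearchParams percent-encodes values, so "&" or "=" in a password
// cannot inject extra form parameters.
function buildTokenBody(creds) {
  return new URLSearchParams({
    grant_type: 'password',
    username: creds.username,
    password: creds.password,
  }).toString();
}

// gs - token: accept the response only if the four listed properties are present.
function readTokenResponse(body) {
  let t;
  try { t = JSON.parse(body); } catch (e) { return null; }
  const ok = t && ['access_token', 'id_token', 'token_type'].every(
    (k) => typeof t[k] === 'string' && t[k].length > 0) && Number(t.expires_in) > 0;
  return ok ? t : null;
}

// gs - introspect: reduce the POST /introspect response to true|false.
// Fails closed: anything other than a JSON object with active === true is false.
function isTokenActive(body) {
  try { return JSON.parse(body).active === true; } catch (e) { return false; }
}
```

The strict `=== true` comparison matters: an error page, an empty body or the string "true" all evaluate to false, so the original API request is rejected rather than allowed through.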