Apigee shared flow to validate token


I am using Apigee as a gateway to our application. Several applications will hit Apigee and Apigee will in turn route the request to backend servers. Every incoming request will have a JWT token.

I want Apigee to pass that token to an auth server, and the auth server will validate whether the token is valid or not.

If the token is invalid (if the auth server returns any status other than 200), I want Apigee to return a 403 error as the response to the request, else pass the request to the backend server.

How can I implement this kind of shared flow? Is it even possible with Apigee? Is there any better way to achieve this?


There is 1 answer

Abhinandan Bharamgunde

You can do that.

Create a shared flow for Authentication/Authorization which includes a ServiceCallout policy which will make a call to the auth server.

Based on the result, for Unauthorized/Bad request you can raise a fault response with the help of RaiseFault.

If the response is OK it will proceed smoothly to the backend.

Sample shared flow.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<SharedFlowBundle revision="1" name="Auth">
    <Policies>
        <Policy>AssignVariableJwks</Policy> <!-- Assign Input values if needed via AssignMessage policy -->
        <Policy>RequestAuthServer</Policy> <!-- External auth server call using ServiceCallout policy -->
        <Policy>TokenNotFoundValidation</Policy> <!-- Validate response and raise fault if needed using RaiseFault policy -->
    </Policies>
    <Resources/>
    <Spec/>
    <subType>SharedFlow</subType>
    <SharedFlows>
        <SharedFlow>default</SharedFlow>
    </SharedFlows>
</SharedFlowBundle>

For the above shared flow, create & attach the required policies with logic and you're good to go.
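
The two policies named in the answer and the flow that attaches them could look like the following; this is an added example, not part of the original answer, with the three files shown in one listing. The auth server URL, the use of the Authorization header to carry the JWT, the variable names authRequest/authResponse, the timeout and the response body are assumptions.

```xml
<!-- sharedflowbundle/policies/RequestAuthServer.xml -->
<!-- continueOnError="true" lets the flow reach the RaiseFault step when the callout fails -->
<ServiceCallout name="RequestAuthServer" continueOnError="true">
  <Request variable="authRequest">
    <Set>
      <Verb>GET</Verb>
      <Headers>
        <!-- Assumption: the JWT arrives in the Authorization header -->
        <Header name="Authorization">{request.header.authorization}</Header>
      </Headers>
    </Set>
  </Request>
  <Response>authResponse</Response>
  <!-- Assumed timeout in milliseconds -->
  <Timeout>5000</Timeout>
  <HTTPTargetConnection>
    <!-- Placeholder URL for the auth server -->
    <URL>https://auth.example.com/validate</URL>
  </HTTPTargetConnection>
</ServiceCallout>

<!-- sharedflowbundle/policies/TokenNotFoundValidation.xml -->
<RaiseFault name="TokenNotFoundValidation">
  <FaultResponse>
    <Set>
      <StatusCode>403</StatusCode>
      <Payload contentType="text/plain">Forbidden</Payload>
    </Set>
  </FaultResponse>
</RaiseFault>

<!-- sharedflowbundle/sharedflows/default.xml -->
<SharedFlow name="default">
  <Step>
    <Name>RequestAuthServer</Name>
  </Step>
  <Step>
    <!-- Fail closed: missing token, callout error or timeout, or any status other than 200 -->
    <Name>TokenNotFoundValidation</Name>
    <Condition>(request.header.authorization = null) or (servicecallout.RequestAuthServer.failed = true) or (authResponse.status.code != 200)</Condition>
  </Step>
</SharedFlow>
```

An API proxy runs this shared flow by attaching a FlowCallout policy that references the Auth bundle in its request PreFlow, so the check happens before the request is routed to the backend.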