Closed ashpost closed 1 year ago
We will add third option of oauth AND API key
Updated issue description and title to better reflect the scope of work and proposed approach.
One gap area right now is that OAuth Usage Plans in Portal currently expose two additional fields to facilitate generating auth tokens from within the Dev Portal UI
I think we can bridge this gap by adding oauthAuthorizationUrl
and oauthTokenUrl
to the ProductSelector
and applying those if any OAuth configs are found to apply to the selected Products (whether via OAuth AuthPolicy
directly or via CustomAuthConfig
)
This may have the side effect of allowing us to facilitate multiple UsagePlans
with OAuth AuthPolicy
s, though this requires more investigation on my part and is not really in scope for this ask, since I understand that the customer's use case is to have both API Key and OAuth.
This is released in 1.3.0-beta22
API Products support multiple usage plans when using ApiKey as authPolicy, but are limited to a single usage plan when using OAuth. We would like the ability to use OAuth as an authentication method for API clients and use API keys to associate the client with one of multiple usage plans on an API Product.
It looks like this can be achieved by using our existing customAuthConfig support in combination with the existing ApiKey usage plan support. Given the following OAuth AuthConfig:
An API Product can be configured to use both ApiKey and OAuth with the following:
We will also need an update to Developer Portal to recognize usage plans that are using both ApiKey and OAuth together via
customAuthConfig
. One gap area right now is that OAuth Usage Plans in Portal currently expose two additional fields to facilitate generating auth tokens from within the Dev Portal UI:authorizationUrl
tokenUrl
Not clear where Dev Portal will get these values with the approach proposed above.