PingIntelligence for APIs provides the OAuthPolicy.xml policy to capture user information from the requests sent to Apigee gateway. The policy verifies the access token from the bundled Apigee OAuth server and extracts details like username and client id and other request metadata. It can verify access tokens provided as part of a request header or a query parameter.

The OAuthPolicy extracts request metadata tagged to an access token. The policy should be executed before the PingIntelligence policy that builds the ASE request message, which captures the username and client id from the metadata extracted by OAuthPolicy.

The OAuthPolicy can be attached using a Flow Hook or a Flow Call Out. For more information, see Deploy PingIntelligence Policy for Flow Hook and Deploy PingIntelligence Policy for Flow Call Out.

It is advised to deploy the OAuthPolicy.xml using a Flow Call Out policy to leverage the flexibility of applying on a Per API basis. For more information, see Configure PingIntelligence Flow Call Out in Apigee. The following screenshot illustrates the PingIntelligence shared flow with OAuthPolicy.

Note: At present, the OAuthPolicy supports extraction of user information from access tokens generated by Apigee bundled OAuth server only.

Configure apigee.properties file to capture the user information

Additionally set the configuration properties in apigee.properties file to extract the user information using the PingIntelligence OAuthPolicy. For more information, see Configure apigee.properties file to extract user information.

Note: If a custom OAuth policy is used in place of PingIntelligence OAuthPolicy, then configure the enable_oauth_policy variable in apigee.properties to false.