The policy verifies the access token issued by the bundled Apigee OAuth server and extracts details such as the username, client ID, and other request metadata. It can verify access tokens provided in a request header or in a query parameter.

The OAuthPolicy extracts the request metadata associated with an access token. It should be executed before the PingIntelligence policy that builds the ASE request message, because that policy captures the username and client ID from the metadata extracted by the OAuthPolicy.

The OAuthPolicy can be attached using a flow hook or a flow callout. For more information, see Deploying the PingIntelligence policy for flow hook and Deploying the PingIntelligence policy for Flow Callout.

You should deploy OAuthPolicy.xml using a Flow Callout policy so that it can be applied on a per-API basis. For more information, see Configuring PingIntelligence Flow Callout in Apigee.

The following screen capture illustrates the PingIntelligence shared flow with OAuthPolicy.


Screenshot of PingIntelligence shared flow with OAuthPolicy

Note:

At present, the OAuthPolicy supports extracting user information only from access tokens generated by the Apigee bundled OAuth server.

Configure apigee.properties file to capture the user information

Additionally, set the configuration properties in the apigee.properties file to extract user information using the PingIntelligence OAuthPolicy. For more information, see Configure apigee.properties file to extract user information.

Note:

If a custom OAuth policy is used in place of the PingIntelligence OAuthPolicy, set the enable_oauth_policy variable in apigee.properties to false.