Apigee 3-Legged OAuth Lab using Keycloak as Identity Provider

In this lab, we will walk through the full 3-Legged OAuth flow with Apigee acting as the OAuth provider. Behind the scenes, however, Keycloak will be the IdP that performs the user authentication and token generation.

To complete the lab, you should have an Apigee Edge account. You can sign up for an account at: https://login.apigee.com/sign__up.

After you create the account and activate it, Apigee provisions a trial organization for you. You can use this trial organization, or, if you are completing this lab in a classroom setting, use the organization provided by the instructor.

You can switch between organizations by clicking on the drop-down in the top-left corner of the screen.

Throughout this lab, we will call REST APIs to accomplish different tasks. The examples are given using curl, but you are free to use any other client of your choice (for example Postman or Insomnia). If you are not able to use curl, and would prefer not to install additional software, I'd recommend the Apigee REST Client as it doesn't require any installation and is simple and straightforward to use.

In the example REST API calls in this lab, the URLs and payloads are parameterized using substitutions/placeholders like this: <REPLACE_ME>.

Here are the common substitutions you are going to see:

<ORG> - The Apigee organization you will use during this lab.
<ENV> - The environment within the Apigee organization you will use during the lab.
<PREFIX> - This should be a short lowercase string of letters that uniquely identifies you. If your name is John Walker Smith, you could use jws.
<YOUR_USERNAME> - This is your Apigee Edge account username. It's the email address you use to log in to the Apigee Edge UI.
<YOUR_PASSWORD> - This is the password corresponding to your Apigee Edge account.
<APP_CLIENT_ID> - This is the OAuth client_id of the application you will create during the lab.
<APP_CLIENT_SECRET> - This is the OAuth client_secret of the application you will create during the lab.
<AUTHORIZATION_CODE> - This is the code you will obtain after the authorization step in the OAuth flow.

If you don't already have a developer account in Apigee, go ahead and create one. Typically, a developer account is created through an externally facing developer portal.

For example, suppose your organization exposed a developer portal at developer.example.com. This is where external developers can come and browse your organization's APIs, and sign up for a developer account to use these APIs. This is what I am referring to as a "developer account".

However, since we are not going to use a developer portal for this lab, we can instead use the Apigee Edge UI (as an administrator) to create a developer account.

On the left navigation menu, click on Publish, then click on the Developers sub-menu. Finally, click on the +Developer button on the top right of the screen.

Fill in the form with the details for the new developer. To avoid conflicts with other people using the same organization, we will pick a unique username and email. It doesn't need to be a real email address.

username: <PREFIX>_dev
email: <PREFIX>_dev@example.com

Click the Create button.

In this step, we will create a Key-Value Map (KVM) that will store the OpenID metadata for the Keycloak IdP. This metadata contains information such as the OAuth token and authorization endpoints, as well as the dynamic client registration endpoint for Keycloak.

First, go ahead and retrieve the metadata document. For the Keycloak instance we will use, this document can be accessed at the following well-known URL:

https://keycloak.syntax3.com/auth/realms/apijam/.well-known/openid-configuration

Keep a tab open with the URL above. We will use it later in this step.

Now, back in the Apigee Edge UI, from the left navigation menu, click on the Admin menu (it has a gear icon). Then, select the Environments sub-menu. Then, click on Key-Value Maps.

Once you are on the Key-Value Maps configuration page, select the test environment from the drop-down on the top left.

Next, click on the +Key value map button on the top right to create a new KVM. This brings up a dialog where we will enter a name for the new KVM.

Use the following pattern to name the KVM:

<PREFIX>-external-idp-metadata

Then, click on the Add button to create the KVM.

Now that you have created the KVM, go ahead and select your KVM from the list. Next, let's add a new entry within the KVM.

Go ahead and click on the + button on the top right of the screen to add a new entry. This brings up a dialog to enter the entry details.

For the entry's name, type json_config

For the entry's value, paste the full JSON content of the OpenID metadata document you retrieved earlier.

Finally, click the Add button.
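Before pasting the discovery document into the KVM, it is worth checking that it is the document you expect: the proxy will later send users to authorization_endpoint and exchange codes at token_endpoint, so a swapped or stale document redirects the whole flow. The script below is an added example, not part of the lab or of the external-idp proxy bundle. The metadata it parses is a constructed sample shaped like a Keycloak discovery response (the keycloak.example.com hostname and the KVM name jws-external-idp-metadata are assumptions), and the KVM body it builds is the JSON shape the Apigee Edge management API accepts when creating a KVM with entries.

```python
"""Validate an OpenID Provider metadata document before storing it in the
Apigee KVM.  Added example; the metadata below is a constructed sample
shaped like Keycloak's discovery document, not a real capture."""
import json
from urllib.parse import urlparse

# Constructed sample modelled on a Keycloak /.well-known/openid-configuration
# response (hostname and realm are assumed values).
SAMPLE_METADATA = json.dumps({
    "issuer": "https://keycloak.example.com/auth/realms/apijam",
    "authorization_endpoint": "https://keycloak.example.com/auth/realms/apijam/protocol/openid-connect/auth",
    "token_endpoint": "https://keycloak.example.com/auth/realms/apijam/protocol/openid-connect/token",
    "registration_endpoint": "https://keycloak.example.com/auth/realms/apijam/clients-registrations/openid-connect",
    "jwks_uri": "https://keycloak.example.com/auth/realms/apijam/protocol/openid-connect/certs",
    "response_types_supported": ["code", "token", "id_token"],
    "grant_types_supported": ["authorization_code", "refresh_token"],
})

# Fields the proxy needs for the 3-legged flow and dynamic client registration.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint",
            "registration_endpoint", "jwks_uri")


def validate_metadata(raw: str, expected_issuer: str) -> dict:
    """Parse the discovery JSON and reject anything the proxy should not trust.

    Returns the parsed document, or raises ValueError with the reason.
    """
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"metadata is not valid JSON: {exc}") from None
    if not isinstance(doc, dict):
        raise ValueError("metadata must be a JSON object")
    missing = [k for k in REQUIRED if k not in doc]
    if missing:
        raise ValueError(f"metadata is missing required fields: {missing}")
    # The issuer must be exactly the one we configured; anything else means the
    # document (and every endpoint in it) belongs to a different provider.
    if doc["issuer"] != expected_issuer:
        raise ValueError(f"unexpected issuer {doc['issuer']!r}")
    for key in REQUIRED[1:]:
        if urlparse(doc[key]).scheme != "https":
            raise ValueError(f"{key} is not https: {doc[key]}")
        # Keycloak publishes every endpoint underneath the realm's issuer URL.
        if not doc[key].startswith(expected_issuer + "/"):
            raise ValueError(f"{key} is not under the issuer: {doc[key]}")
    if "code" not in doc.get("response_types_supported", []):
        raise ValueError("provider does not advertise the authorization code flow")
    return doc


def kvm_payload(kvm_name: str, raw: str) -> dict:
    """Build the request body for creating the KVM with its json_config entry
    via the Edge management API (POST .../environments/<ENV>/keyvaluemaps).
    The value is the compact JSON string the KVM policy will read back."""
    doc = json.loads(raw)
    return {"name": kvm_name,
            "entry": [{"name": "json_config",
                       "value": json.dumps(doc, separators=(",", ":"))}]}


if __name__ == "__main__":
    meta = validate_metadata(SAMPLE_METADATA,
                             "https://keycloak.example.com/auth/realms/apijam")
    print("token endpoint:", meta["token_endpoint"])
    print(json.dumps(kvm_payload("jws-external-idp-metadata", SAMPLE_METADATA), indent=2))
```

The issuer check is the important one: a discovery document from the wrong realm or host passes every structural test, so compare the issuer against the value you configured rather than trusting whatever the document says about itself.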

For this lab, we already have an API Proxy bundle that we can import into Apigee.

Download the following API Proxy bundle: external-idp.zip

Now, go ahead and navigate to the API Proxies page by clicking the Develop menu (on the top left), then click on the API Proxies sub-menu.

Then, click on the + API Proxy button on the top right corner of the screen. You should now be in the API Proxy creation wizard.

Pick the option (at the bottom) for importing an existing API Proxy bundle. Click Next.

Next, on the details screen, click on the "Choose file" button, and select the API proxy bundle you downloaded earlier.

Change the Proxy Name field to a unique name, for example:

<PREFIX>-external-idp

Once you've done this, keep clicking on the Next button until you arrive at the Build step, which shows a summary like this:

Then, click on the Build button.

Once the proxy has been uploaded successfully, click on the link to view the proxy in the proxy editor.

Now that the API Proxy has been successfully imported, we will modify it so you can avoid base-path conflicts with other users of the organization.

To do this, switch to the API proxy's Develop tab. It is on the top right corner of the screen.

Then, select the API Proxy endpoint named "Dynamic-Client-Registration".

Scroll down the XML in the center of the screen until you find the <BasePath> configuration element.

Prepend /<PREFIX> to the base-path as shown below:

for example:

/mm/v1/idp/applications

Next, select the proxy endpoint named "OAuth-Endpoints".

We are also going to change the base-path for this one. Scroll down the XML configuration in the center of the screen until you arrive at the <BasePath> configuration element.

Prepend /<PREFIX> to the base-path as shown below:

for example:

/mm/v1/idp/oauth

Finally, click on the Save button to save these changes.

For this part of the lab, we will modify the API Proxy so it reads from the KVM you created earlier.

If you are not already in the Develop tab, go ahead and switch to it. Then, within this tab, find the Policies section on the top left. Within this panel, scroll until you find the policy named KVM-GetIdpMetadata. Click on it.

Now that you've selected the policy, you should see the XML configuration for this policy in the center area of the screen. It should look like this:

Here, we will change the mapIdentifier attribute of the KeyValueMapOperations XML element (the root element). This attribute is what tells the policy which KVM to retrieve the values from.

Prepend the <PREFIX> to the current identifier.

for example:

<PREFIX>-external-idp-metadata

It should look something like this:

Finally, click on the Save button to save these changes.
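The two edits above (prefixing the base paths of both proxy endpoints, and prefixing the mapIdentifier of the KVM policy) are the same edits you would script if you were parameterizing the bundle for many users instead of editing it in the proxy editor. The script below is an added example, not part of the lab or of the external-idp bundle. The ProxyEndpoint and KeyValueMapOperations fragments are constructed to match only the elements the lab points at (the <BasePath> values and the mapIdentifier), with the rest of the real bundle left out; the element layout and the assignTo variable name are assumptions.

```python
"""Apply a per-user <PREFIX> to the imported external-idp proxy bundle: the
same edits the lab makes by hand in the proxy editor.  Added example; the
XML fragments are constructed stand-ins, not the real bundle files."""
import xml.etree.ElementTree as ET

# Constructed stand-ins for apiproxy/proxies/*.xml (assumed shape; only the
# elements the lab edits are reproduced).
PROXY_ENDPOINTS = {
    "Dynamic-Client-Registration": """<ProxyEndpoint name="Dynamic-Client-Registration">
  <HTTPProxyConnection>
    <BasePath>/v1/idp/applications</BasePath>
    <VirtualHost>secure</VirtualHost>
  </HTTPProxyConnection>
</ProxyEndpoint>""",
    "OAuth-Endpoints": """<ProxyEndpoint name="OAuth-Endpoints">
  <HTTPProxyConnection>
    <BasePath>/v1/idp/oauth</BasePath>
    <VirtualHost>secure</VirtualHost>
  </HTTPProxyConnection>
</ProxyEndpoint>""",
}

# Constructed stand-in for apiproxy/policies/KVM-GetIdpMetadata.xml (assumed shape).
KVM_POLICY = """<KeyValueMapOperations name="KVM-GetIdpMetadata" mapIdentifier="external-idp-metadata">
  <Scope>environment</Scope>
  <Get assignTo="idp.json_config">
    <Key><Parameter>json_config</Parameter></Key>
  </Get>
</KeyValueMapOperations>"""


def check_prefix(prefix: str) -> str:
    """Enforce the lab's rule: a short lowercase string of letters."""
    if not prefix or not prefix.isalpha() or not prefix.islower():
        raise ValueError("PREFIX must be a short lowercase string of letters")
    return prefix


def prefix_base_path(proxy_xml: str, prefix: str) -> str:
    """Prepend /<PREFIX> to the <BasePath> of one ProxyEndpoint; returns new XML."""
    prefix = check_prefix(prefix)
    root = ET.fromstring(proxy_xml)
    bp = root.find("./HTTPProxyConnection/BasePath")
    if bp is None or not bp.text:
        raise ValueError("ProxyEndpoint has no BasePath")
    if bp.text.startswith(f"/{prefix}/"):
        raise ValueError("BasePath already prefixed")  # refuse to apply twice
    bp.text = f"/{prefix}{bp.text}"
    return ET.tostring(root, encoding="unicode")


def prefix_kvm_policy(policy_xml: str, prefix: str) -> str:
    """Prepend <PREFIX>- to the mapIdentifier of a KeyValueMapOperations policy."""
    prefix = check_prefix(prefix)
    root = ET.fromstring(policy_xml)
    if root.tag != "KeyValueMapOperations":
        raise ValueError("not a KeyValueMapOperations policy")
    ident = root.get("mapIdentifier", "")
    if ident.startswith(f"{prefix}-"):
        raise ValueError("mapIdentifier already prefixed")
    root.set("mapIdentifier", f"{prefix}-{ident}")
    return ET.tostring(root, encoding="unicode")


def base_path_of(proxy_xml: str) -> str:
    return ET.fromstring(proxy_xml).findtext("./HTTPProxyConnection/BasePath")


def map_identifier_of(policy_xml: str) -> str:
    return ET.fromstring(policy_xml).get("mapIdentifier")


def apply_prefix(prefix: str) -> dict:
    """Run both edits over the constructed fragments; returns name -> new XML."""
    out = {name: prefix_base_path(xml, prefix) for name, xml in PROXY_ENDPOINTS.items()}
    out["KVM-GetIdpMetadata"] = prefix_kvm_policy(KVM_POLICY, prefix)
    return out


if __name__ == "__main__":
    for name, xml in apply_prefix("mm").items():
        print(name)
        print(xml, "\n")
```

The "already prefixed" checks matter when the script is re-run against a bundle someone has already edited: silently producing /mm/mm/v1/idp/oauth or mm-mm-external-idp-metadata would deploy cleanly and then fail only at request time with a 404 or an empty KVM lookup.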

In this step, we will deploy the proxy to the test environment. To do this, navigate to the Develop tab of the API proxy. Then, on the screen, click on the Deployment dropdown and select the test environment.

When the confirmation prompt appears, click on the Deploy button. The result should look like this:

You can click on the Deployment dropdown again to verify.

In later steps of the lab, whenever you see the <ENV> substitution, use the value:

test 

In this step, we will create an Apigee API Product that will be used to expose the OAuth proxy we deployed earlier.

From the left navigation, click on the Publish menu, and select the API Products sub-menu. Then, click on the + API Product button on the top right.

First, let's fill in the Product Details section as shown below:

name: <PREFIX>-oauth
display name: <PREFIX>-oauth
environment: test
access: public

The result should look like this.

Next, let's fill in the API Resources section.

Click on the Add a proxy I