Hi, the sequence diagram doesn't depict the actual implementation that I see in the proxies.
https://github.com/dzuluaga/apigee-tutorials/tree/master/apiproxies/musicapi-oauth-delegated-authentication
As per the diagram, the API proxy calls out to the IdP to verify the authcode when the consumer app calls the /authcode(apikey, secret, callbackurl) endpoint on the proxy, and then the API proxy saves the token and userId returned by the IdP. I don't see any such interaction in the proxy implementation, and there is no /authcode flow either.
Seems like you implicitly trust the external access token that is being passed in by the consumer?
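The difference the issue describes, as an added example that is not code from the apigee-tutorials repository: a proxy-side handler that stores the external token exactly as the consumer sent it, beside one that redeems the authcode at the IdP and stores only what the IdP returned. The IdP stub, the function names, the request fields and the token-store shape are assumptions made for illustration, and client authentication (apikey, secret) is left out.

```javascript
// Constructed stand-in for the IdP: it knows which authcodes it issued
// and which token/userId each one redeems to (hypothetical, for illustration).
function makeIdp(issued) {
  const pending = new Map(Object.entries(issued));
  return {
    redeem(authcode) {
      const grant = pending.get(authcode);
      if (!grant) return null;
      pending.delete(authcode); // an authcode is single-use
      return grant; // { token, userId }
    },
  };
}

// Pattern the issue questions: the proxy records the external token and
// userId exactly as the consumer app sent them, with no call to the IdP.
function storeTrusted(store, request) {
  store.set(request.externalToken, { userId: request.userId, verified: false });
  return { status: 200 };
}

// Flow the sequence diagram describes: the proxy takes the authcode, calls
// out to the IdP, and saves only the token and userId the IdP returned.
function storeVerified(store, idp, request) {
  const grant = idp.redeem(request.authcode);
  if (!grant) return { status: 401, error: "authcode rejected by IdP" };
  store.set(grant.token, { userId: grant.userId, verified: true });
  return { status: 200 };
}

function demo() {
  const idp = makeIdp({ "code-alice": { token: "ext-tok-alice", userId: "alice" } });
  const trusted = new Map(), verified = new Map();
  // Constructed requests: one asserts values the IdP never issued, one is genuine.
  const forged = { externalToken: "made-up-token", userId: "alice", authcode: "made-up-code" };
  const genuine = { authcode: "code-alice" };
  return {
    trustedForged: storeTrusted(trusted, forged).status,
    trustedHasForged: trusted.has("made-up-token"),
    verifiedForged: storeVerified(verified, idp, forged).status,
    verifiedGenuine: storeVerified(verified, idp, genuine).status,
    verifiedReplay: storeVerified(verified, idp, genuine).status,
    verifiedUser: verified.get("ext-tok-alice").userId,
    verifiedSize: verified.size,
  };
}
console.log(demo());
```

In the verified path the userId bound to the stored token comes from the IdP's response, never from the request, and a replayed authcode is rejected.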