Page Comparison

...

Campus IdM will support client_credential grant using ucsbNetId and password for Application Accounts (Service Accounts).
Basic Security Requirements
Apigee Gateway OAuth Token will having matching lifespan as Campus IdM OAuth Token.

Requirements

Ticket(s) Title User Story Priority Notes

Call Non-Sensitive API

As a Client Developer, I need to authenticate my calls to the Campus API Gateway in order to get access to non-sensitive endpoints (/students/lookups)

Status

colour	Green
title	must have

Should only need to provide Service Account ucsbNetId and password.
OAuth call should go against Apigee OAuth endpoint.
- Apigee will pass through the call to Campus IdM
- The Campus IdM response will pass through back to the client

Authenticate Client

As a Campus IdM Admin, I need to authenticate the Client Application before the Campus API Gateway can grant access

Status

colour	Green
title	must have

Should use client_credential grant.
Will return Apigee client_id. If not directly in the response, then the information should be attainable from an Introspection Endpoint.

Client Info Storage in Campus API Gateway

As a Campus API Admin, I need to retrieve Client Application information for future request verifications.

Status

colour	Green
title	must have

Campus IdM access tokens will need to be stored in the Apigee OAuth Provider.
Apigee will need to store the access token and client_id in the OAuthV2/GenerateAccessToken policy. This will be used for verification/validation in subsequent calls from the client through Apigee.

...

Versions Compared

Old Version 23

New Version 24

Key

Requirements