Running APICast with OAuth2


4integ...@gmail.com

Jan 4, 2018, 4:58:49 AM
to 3Scale API Management by Red Hat
Hi,

When setting up APICast with support for OAuth2, I understand the requirement for Redis to store/cache tokens.
The example docker-compose.yml here: https://github.com/3scale/apicast/blob/master/examples/oauth2/docker-compose.yml also has an OAuth2 server and a Client - is it correct that these are only for testing/sandbox purposes? We have our own Authorization Server.

So a more production-like docker-compose.yml would look like:

----------------------------------------
version: '2'

services:
    gateway:
        container_name: apicast-staging
        restart: always
        depends_on:
            - redis
        ports:
            - "8880:8080"
            - "8890:8090"
        env_file: .env
        networks:
            - bridge
    redis:
        image: redis
----------------------------------------


/ Joacim


pim.g...@gmail.com

Jan 5, 2018, 10:21:32 AM
to 3Scale API Management by Red Hat
Yes, these are only for sandbox purposes. I think it should be possible to have any compliant OAuth2 authentication server connected to 3Scale; however, I only have experience using Red Hat SSO (or the community version, Keycloak).

regards,

Pim

On Thursday, January 4, 2018 at 10:58:49 UTC+1, 4integ...@gmail.com wrote:

Kevin Price

Jan 5, 2018, 12:04:49 PM
to 3Scale API Management by Red Hat
Hi Joacim,

In addition to Pim's response, it's important to understand that the gateway is the token master in this case. The Authorisation server is only used to authenticate the users, and the gateway will generate and issue tokens, which are then stored in 3scale. Using RH SSO or Keycloak is the recommended way if you want to use OAuth2. You could even try to use RH SSO as a broker to your Authorisation server, but I suspect that might be a fair bit of work to implement. You can use RH SSO as an LDAP also and just migrate all of your users to the RH SSO server.

Hope that helps.

Cheers,

Kevin