PingIntelligence

Extract user information from access tokens

PingIntelligence for APIs provides the OAuthPolicy.xml policy to capture user information from the requests sent to Apigee gateway.

The policy verifies the access token from the bundled Apigee OAuth server and extracts details like username and client ID and other request metadata. It can verify access tokens provided as part of a request header or a query parameter.

The OAuthPolicy extracts request metadata tagged to an access token. The policy should be executed before the PingIntelligence policy that builds the ASE request message, which captures the username and client ID from the metadata extracted by OAuthPolicy.

The OAuthPolicy can be attached using a flow hook or a flow callout. For more information, see Deploying the PingIntelligence policy for flow hook.

You should deploy OAuthPolicy.xml using a Flow CallOut policy to leverage the flexibility of applying on a per API basis. For more information, see Configuring PingIntelligence flow callout in Apigee.

The following screen capture illustrates the PingIntelligence shared flow with OAuthPolicy.

Screen capture of PingOne API Intelligence shared flow with OAuthPolicy

At present, the OAuthPolicy supports extraction of user information from access tokens generated by Apigee bundled OAuth server only.

Configure apigee.properties file to capture the user information

Additionally set the configuration properties in apigee.properties file to extract the user information using the PingIntelligence OAuthPolicy. For more information, see Configure apigee.properties file to extract user information.

If a custom OAuth policy is used in place of PingIntelligence OAuthPolicy, then configure the enable_oauth_policy variable in apigee.properties to false.