VP Innovation at Axway, Co-founder at Vordel

Mark O'Neill

Subscribe to Mark O'Neill: eMailAlertsEmail Alerts
Get Mark O'Neill via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Blog Feed Post

OpenID Connect (OIDC) on the Axway API Gateway

One of the great features on the latest release of the Axway API Gateway, and our API Management solution in general, is fully support for OpenID Connect (OIDC). OpenID Connect is a new specification which builds on top of OAuth 2.0, and it enables important "Social Login" use cases, among others. The OpenID Connect process follows the OAuth 2.0 three-legged authorization code flow, but with the additional concepts of an ID token and a UserInfo endpoint.

You can see in Policy Studio, there is the ability now to create an OpenID Connect Token, and associate it with claims:

We include prebuilt support for Google's OIDC implmentation, in an example flow documented below. You can see, at the bottom of the flow, that the "user_info" endpoint is called, to get info about the user (e.g. attributes). The "user_info" endpoint is one of the new features which OIDC builds on top of OAuth 2.0 itself:

Here's an example of the output from this user_info endpoint:
{ "kind": "APIManagementOpenIdConnect", "gender": "female", "sub": "sampleuser", "name": "Sample User", "given_name": "Sample", "family_name": "${User}", "picture": "https://URL.TO.IMAGE/", "email": "sampleuser@axway", "email_verified": "true", "locale": "en" }
This is all implemented in prebuilt samples, so you can see it in action in the API Gateway. See below "Use OpenID Connect" to sign in with Google (where Google is the IpD - Identity Provider) or sign in with the Axway API Gateway.

The fact that the Axway solution allows our customersto act as your their IdP is important, since it enables many so-called "Identity as a Service" (IDaaS) use cases. It means you yourself can implement "Sign in with My Company" of your own.

You can get your copy of the API Gateway, part of our API Management solution as a whole, over at www.axway.com

Read the original blog entry...

More Stories By Mark O'Neill

Mark O'Neill is VP Innovation at Axway - API and Identity. Previously he was CTO and co-founder at Vordel, which was acquired by Axway. A regular speaker at industry conferences and a contributor to SOA World Magazine and Cloud Computing Journal, Mark holds a degree in mathematics and psychology from Trinity College Dublin and graduate qualifications in neural network programming from Oxford University.