google-auth-sidecar
This service is meant to run as a sidecar to the Apigee Runtime (also known as Message Processor). The service takes a Google Cloud Service Account as a parameter and obtains an OAuth Access Token.
Use Case
This service is meant to be used with the Apigee hybrid API Runtime. When developing API Proxies on Apigee, a developer may want to interact with Google Cloud Services. Google Cloud Services are available on *.googleapis.com and require an OAuth access token to access the services through APIs.
A typical pattern/example would be:
- Instantiate the google-auth-sidecar service as a service or as a sidecar to the Message Processor
- Use a Service Callout policy to invoke the google-auth-sidecar service. The response contains an access token
- Use the access token to make a subsequent API call to any of the Google APIs
- For performance optimization, use the Apigee cache policy and cache the token for a few seconds less than the token expiry
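The caching step above, sketched outside Apigee as an added Python example (not part of this project's code): a client-side cache that validates the /token response shown under Usage and reuses the token until a safety margin before expires_in elapses. The names TokenCache and parse_token_response, the fetch callable and the 30-second margin are assumptions made for illustration.

```python
import json
import time

# Constructed sample body in the shape the sidecar returns from /token.
SAMPLE_BODY = '{"access_token":"xxx","expires_in":3600,"token_type":"Bearer"}'


def parse_token_response(body):
    """Validate a /token response body and return (access_token, expires_in).

    Error messages never echo the body, so a token cannot leak into logs.
    """
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        raise ValueError("token response is not JSON") from None
    if not isinstance(doc, dict):
        raise ValueError("token response is not a JSON object")
    token, lifetime = doc.get("access_token"), doc.get("expires_in")
    if not isinstance(token, str) or not token:
        raise ValueError("missing access_token")
    if str(doc.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    if isinstance(lifetime, bool) or not isinstance(lifetime, (int, float)) or lifetime <= 0:
        raise ValueError("missing or invalid expires_in")
    return token, lifetime


class TokenCache:
    """Holds the sidecar's token until `margin` seconds before it expires."""

    def __init__(self, fetch, margin=30, clock=time.monotonic):
        self._fetch = fetch    # hypothetical callable returning the raw /token body
        self._margin = margin  # seconds to refresh ahead of expiry (assumed value)
        self._clock = clock    # injectable so expiry can be tested without sleeping
        self._token = None
        self._good_until = 0.0

    def get(self):
        now = self._clock()
        if self._token is not None and now < self._good_until:
            return self._token
        # A failed fetch or invalid body raises here and leaves no stale token in use.
        token, lifetime = parse_token_response(self._fetch())
        self._token = token
        # A lifetime shorter than the margin is never cached: every call refetches.
        self._good_until = now + max(lifetime - self._margin, 0)
        return token
```

In a real client, fetch would issue the GET to the sidecar's /token endpoint; here it is left injectable so the block runs offline.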
Samples
A shared flow that generates and caches the token.
Three samples that make use of the shared flow:
Install the Google Auth Sidecar
Modify the Kubernetes manifest and deploy it to Kubernetes. For example:
kubectl create secret -n {namespace} generic google-auth-sidecar-svc-account --from-file client_secret.json
kubectl apply -n {namespace} -f google-auth-sidecar.yaml
NOTE: Be sure to name the service account file client_secret.json if you are using the Kubernetes YAML as-is.
Usage
Input:
curl 0.0.0.0:8080/token
Output:
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8080 (#0)
> GET /token HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=UTF-8
< Date: xx, 00 Xxx 20xx 00:00:00 GMT
< Content-Length: 195
<
{"access_token":"xxx","expires_in":3600,"token_type":"Bearer"}