We have an upstream API which is protected by OAuth2. How can we proxy this backend API in the Tyk open source operator gateway? Below is the flow:
When the API request comes to Tyk Gateway, it needs to make a side call to the backend OAuth API, which returns a token with an expiry time. This token needs to be added to the header before calling the actual upstream API.
Also, this token needs to be cached in the gateway until the expiry time and reused in subsequent calls; the token side call should be skipped if the token is present in the cache.
How can we implement this flow? We saw this post about service orchestration; can this approach be used for this scenario as well?
Hi @Anup_Rai, in order to achieve this, you will need to write a plugin.
The plugin could be written in Python, JavaScript, Go or any language which supports gRPC.
The plugin would run on the post hook, which means it gets invoked just before proxying to the upstream service.
The plugin would contain some logic to exchange a client_id + client_secret for an access token, and then inject that into the request header for the upstream (Client Credentials Grant). You might want to think about caching that access token for the duration of its validity.
An example gRPC plugin which shows what’s possible can be seen here:
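Separately from the linked plugin, the token exchange and caching logic described in the reply above can be sketched in Python as follows. This is an added example, not part of the original thread and not Tyk's own code; the token URL, the environment variable names, and the `TokenCache` and `inject_token` names are assumptions, and wiring `inject_token` into a Tyk post hook is not shown.

```python
import json
import os
import threading
import time
import urllib.parse
import urllib.request

# Hypothetical endpoint and variable names; keep the secret out of source.
TOKEN_URL = os.environ.get("UPSTREAM_TOKEN_URL", "https://auth.example.com/oauth/token")
CLIENT_ID = os.environ.get("UPSTREAM_CLIENT_ID", "")
CLIENT_SECRET = os.environ.get("UPSTREAM_CLIENT_SECRET", "")


def fetch_token():
    """Client Credentials Grant: return (access_token, expires_in seconds)."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    }).encode()
    req = urllib.request.Request(TOKEN_URL, data=body, headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        payload = json.load(resp)
    return payload["access_token"], int(payload.get("expires_in", 0))


class TokenCache:
    """Holds one upstream token and refetches it shortly before expiry."""

    def __init__(self, fetch=fetch_token, skew=30, clock=time.monotonic):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._lock = threading.Lock()
        self._token, self._expires_at = None, 0.0

    def get(self):
        with self._lock:  # serialize refreshes under concurrent requests
            if self._token is None or self._clock() >= self._expires_at:
                token, expires_in = self._fetch()
                # Expire `skew` seconds early; a missing or zero expires_in
                # means the token is never reused.
                self._expires_at = self._clock() + max(expires_in - self._skew, 0)
                self._token = token
            return self._token


def inject_token(headers, cache):
    """Post-hook step: replace Authorization with the cached upstream token."""
    headers["Authorization"] = "Bearer " + cache.get()
    return headers
```

Create one `TokenCache` at plugin load time so the token survives across requests; a cache built per request would repeat the side call every time.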