Configuring 3Scale Product for OIDC

3scale Product Overview

A 3scale product is a customer facing API. Products facilitate the creation of strong and simplified offerings for API consumers. In this section we will configure a 3scale product. Later we will use the Istio Ingress to the BookInfo application (created in the previous step) directly as an API Product in 3scale, using the 3scale Istio WASM module

Login to 3scale

  1. If you are not already logged into 3scale, please follow these steps. Log into 3scale using the below URL. (Do not forget to replace the cluster wildcard url)

    https://3scale-admin.{cluster wildcard url}

  2. You can retrieve the login credentials using the OpenShift Console UI. Select 3scale project and Navigate to Developer > Secrets and search for system-seed

    seed nav

  3. From the system-seed secret you can retrieve the admin_access_token (we will use this later in our lab), admin_user, admin_password used to login to 3scale. Login to the 3scale admin portal by using the admin_user and admin_password.

    admin cred

  4. Once you login to the 3scale admin portal, close the on boarding Wizard to land directly on the dashboard.

    onboarding 3scale

Create a 3scale Product

  1. From the 3scale Dashboard, Click on Create Product

    create prod

  2. You can give the product any name. Let’s name the product wasm-oidc-demo and click on Create Product

    wasm oidc demo

  3. Go to Integration→Settings and choose Istio as the deployment. Under Authentication select OpenID Connect Use OpenID Connect for any OAuth 2.0 flow

    istio oidc

  4. On the same screen under OPENID CONNECT (OIDC) BASICS enter the https://3scale-zync:zync-secret@{keycloak url}/auth/realms/threescale in the OpenID Connect Issuer text box. Do not forget to replace the keycloak url. Keycloak URL can be obtained using the below command

    oc get route keycloak -o jsonpath="{.spec.host}{.spec.path}" -n keycloak
    kc url

  5. On the same screen under OPENID Authorization Flow Select Authorization Code Flow and Service Accounts Flow. Click Update Product at the bottom of the screen

    authflow

  6. Go to Integration→Configuration and Hit Update Configuration

    oidc update config

  7. Go to Application > Application plans and Click Create Application Plan

    oidc create app plan

  8. You can give the plan any name. Let’s name the plan wasm-oidc-basic and Click Create Application Plan

    oidc plan screen

  9. Click on the plan name to add rate limiting

    oidc plan name

  10. Scroll down and click on Limits and then on New usage limit

    new usage limit

  11. Select minute from the period and set the Max value as 8 .This means that users will be restricted to 8 call/min when they call the API . Click on create usage limit

    limit 8

  12. Scroll back up and click on Update Application Plan

    update app plan

  13. Click on the Kebab menu and publish the Application Plan.

    publish kebab

  14. Go to the Product Overview and take note of the ID given to the API Product(This will be used in later steps)

    prod id oidc

After completion please proceed to next section: Enable API Management