Hi,
If we pass an invalid refresh_token and try to generate RefreshAccessToken, it should throw an error.
I created a fault rule but it is not working.
I gave the fault rule content as:
<FaultRule name="InvalidRefresh_token">
  <Step>
    <Name>InvalidRefresh_Token</Name>
    <Condition>(oauthV2.OAuthfor-RefreshToken.failed == true ) or (fault.name="Invalid Refresh Token" or fault.name = "invalid_refresh_token") </Condition>
  </Step>
</FaultRule>
In the above, the InvalidRefresh_Token step is an AssignMessage activity which has the below value:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="InvalidRefresh_Token">
  <DisplayName>InvalidRefresh_Token</DisplayName>
  <Properties/>
  <Set>
    <Payload contentType="application/json">\{"error": \{"message":"{fault.name}", "detail":"Please provide valid refresh token in the Request Authorization header or the refreshToken is expired"}} </Payload>
    <StatusCode>400</StatusCode>
    <ReasonPhrase>BadRequest</ReasonPhrase>
  </Set>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
  <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>
This is not working. Is it a bug or what?
Can someone look into it?
@Binaya Kumar lenka
It looks to me like your FaultRule never executes because your conditions aren't set up to test for valid variables/values.
The following FaultRule works -- and your AssignMessage is called as expected when an invalid refresh token comes in. If you can't get it working, then please attach your proxy bundle zip as suggested. I obtained these variable names by looking at the Trace tool. They're also documented here. Hope this helps.
<FaultRules>
  <FaultRule name="InvalidRefresh_token">
    <Step>
      <Name>InvalidRefresh_Token</Name>
    </Step>
    <Condition>(oauthV2.RefreshAccessToken.fault.cause = "Invalid Refresh Token") </Condition>
  </FaultRule>
</FaultRules>
These conditions also work -- they test true when an invalid refresh token is received:
<Condition>(oauthV2.RefreshAccessToken.fault.name Matches "invalid_token")</Condition>
or
<Condition>(oauthV2.RefreshAccessToken.failed = true)</Condition>
or
<Condition>(fault.name Matches "invalid_request")</Condition>
And here is my OAuthV2 policy that does refresh access token:
<OAuthV2 async="false" continueOnError="false" enabled="true" name="RefreshAccessToken">
  <DisplayName>RefreshAccessToken</DisplayName>
  <ExternalAuthorization>false</ExternalAuthorization>
  <Operation>RefreshAccessToken</Operation>
</OAuthV2>
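The conditions in the answer above resolve because the middle segment of oauthV2.RefreshAccessToken.* is the name attribute of the OAuthV2 policy. The following check is an added example, not part of the original post: it scans FaultRule conditions and step names against the policies in a bundle. The function name lint_fault_rules and the sample XML are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample bundle: two policies and a FaultRules block. The rule
# named "Stale" refers to policies that are not part of the bundle.
POLICIES = [
    '<OAuthV2 name="RefreshAccessToken"><Operation>RefreshAccessToken</Operation></OAuthV2>',
    '<AssignMessage name="InvalidRefresh_Token"/>',
]
FAULT_RULES = """
<FaultRules>
  <FaultRule name="InvalidRefresh_token">
    <Step><Name>InvalidRefresh_Token</Name></Step>
    <Condition>(oauthV2.RefreshAccessToken.fault.cause = "Invalid Refresh Token")</Condition>
  </FaultRule>
  <FaultRule name="Stale">
    <Step>
      <Name>MissingPolicy</Name>
      <Condition>(oauthV2.RefreshToken.failed = true)</Condition>
    </Step>
  </FaultRule>
</FaultRules>
"""

# Matches oauthV2.<policy_name>.failed / .fault.name / .fault.cause
OAUTH_VAR = re.compile(r"\boauthV2\.([A-Za-z0-9_\-]+)\.(failed|fault\.name|fault\.cause)\b")

def lint_fault_rules(policy_xml, fault_rules_xml):
    """Return (rule_name, problem) pairs for references that cannot resolve."""
    roots = [ET.fromstring(p) for p in policy_xml]
    all_names = {r.get("name") for r in roots}
    oauth_names = {r.get("name") for r in roots if r.tag == "OAuthV2"}
    findings = []
    for rule in ET.fromstring(fault_rules_xml).iter("FaultRule"):
        # A Condition may sit on the FaultRule itself or on a single Step.
        for cond in rule.iter("Condition"):
            for policy, _var in OAUTH_VAR.findall(cond.text or ""):
                if policy not in oauth_names:
                    findings.append((rule.get("name"), f"no OAuthV2 policy named {policy}"))
        for step in rule.iter("Name"):
            name = (step.text or "").strip()
            if name not in all_names:
                findings.append((rule.get("name"), f"step policy {name} not in bundle"))
    return findings

if __name__ == "__main__":
    for rule, problem in lint_fault_rules(POLICIES, FAULT_RULES):
        print(f"{rule}: {problem}")
```

A condition that names a non-existent policy reads an unset variable, so the rule never matches; the Trace tool mentioned above shows the variable names that are actually populated.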
Can you attach an api proxy bundle with a working command to demonstrate the problem?
If you give <GenerateResponse enabled="true"/> then it is not working. I have to give the above option because I need the new access and refresh token.
You can try this: Add an AssignMessage policy after the OAuthV2 policy to set whatever token information you want to return in the response. To do this be sure to set <GenerateResponse enabled="false"/>. On success, variables are populated with the token information. You can then use AssignMessage to return them to the client. For example:
<AssignMessage async="false" continueOnError="false" enabled="true" name="CreateTokenResponse">
  <DisplayName>CreateTokenResponse</DisplayName>
  <Properties/>
  <Add>
    <Headers>
      <Header name="x-access-token">{apigee.access_token}</Header>
      <Header name="x-refresh-token">{oauthv2accesstoken.RefreshAccessToken.refresh_token}</Header>
    </Headers>
  </Add>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
  <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>
If there's an error (a bad refresh token for instance) your fault handler will work. Hope this helps.