Error message for invalid refresh token?

Hi,

If we pass an invalid refresh_token and try to generate RefreshAccessToken, it should throw an error.

I created a fault rule but it is not working.

I gave the fault rule content as:

 <FaultRule name="InvalidRefresh_token">
            <Step>
                <Name>InvalidRefresh_Token</Name>
                <Condition>(oauthV2.OAuthfor-RefreshToken.failed == true ) or (fault.name="Invalid Refresh Token" or  fault.name = "invalid_refresh_token") </Condition>
            </Step>
        </FaultRule>

In the above, the InvalidRefresh_Token step is an AssignMessage activity which has the below value:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="InvalidRefresh_Token">
    <DisplayName>InvalidRefresh_Token</DisplayName>
    <Properties/>
    <Set>
        <Payload contentType="application/json">\{"error": \{"message":"{fault.name}", "detail":"Please provide valid refresh token in the Request Authorization header or the refreshToken is expired"}}</Payload>
        <StatusCode>400</StatusCode>
        <ReasonPhrase>BadRequest</ReasonPhrase>
    </Set>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>

This is not working. Is it a bug or what?

Can someone look into it?

1 ACCEPTED SOLUTION

@Binaya Kumar lenka

It looks to me like your FaultRule never executes because your conditions aren't set up to test for valid variables/values.

The following FaultRule works -- and your AssignMessage is called as expected when an invalid refresh token comes in. If you can't get it working, then please attach your proxy bundle zip as suggested. I obtained these variable names by looking at the Trace tool. They're also documented here. Hope this helps.

<FaultRules>
  <FaultRule name="InvalidRefresh_token">
     <Step>
        <Name>InvalidRefresh_Token</Name>
     </Step>
     <Condition>(oauthV2.RefreshAccessToken.fault.cause = "Invalid Refresh Token") </Condition>
  </FaultRule>
 </FaultRules>

These conditions also work -- they test true when an invalid refresh token is received:

<Condition>(oauthV2.RefreshAccessToken.fault.name Matches "invalid_token")</Condition>

or

<Condition>(oauthV2.RefreshAccessToken.failed = true)</Condition>

or

 <Condition>(fault.name Matches "invalid_request")</Condition>

And here is my OAuthV2 policy that does refresh access token:

<OAuthV2 async="false" continueOnError="false" enabled="true" name="RefreshAccessToken">
    <DisplayName>RefreshAccessToken</DisplayName>
    <ExternalAuthorization>false</ExternalAuthorization>
    <Operation>RefreshAccessToken</Operation>
</OAuthV2>
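
An added example, not part of the original thread: one way to write the InvalidRefresh_Token AssignMessage so that the error body is well-formed JSON in the OAuth 2.0 error format (RFC 6749 section 5.2, where a bad refresh token is reported as invalid_grant with HTTP 400). The `@`/`#` variable delimiters, the JSON field layout and the two cache headers are assumptions of this example; the policy name and the fault variable are the ones used above.

```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Added example: runs from the FaultRule above when RefreshAccessToken fails. -->
<AssignMessage async="false" continueOnError="false" enabled="true" name="InvalidRefresh_Token">
    <DisplayName>InvalidRefresh_Token</DisplayName>
    <Set>
        <Headers>
            <!-- Keep token-endpoint responses out of shared and browser caches. -->
            <Header name="Cache-Control">no-store</Header>
            <Header name="Pragma">no-cache</Header>
        </Headers>
        <!-- @...# marks flow variables, so the JSON braces need no escaping. -->
        <Payload contentType="application/json" variablePrefix="@" variableSuffix="#">
{
  "error": "invalid_grant",
  "error_description": "@oauthV2.RefreshAccessToken.fault.cause#"
}
        </Payload>
        <StatusCode>400</StatusCode>
        <ReasonPhrase>Bad Request</ReasonPhrase>
    </Set>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>
```

The body reports only the fault cause and never echoes the submitted token, so a rejected credential does not end up in client or proxy logs.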

4 REPLIES

Can you attach an api proxy bundle with a working command to demonstrate the problem?

If you give <GenerateResponse enabled="true"/> then it is not working. I have to give the above option because I need the new access and refresh token.

Hi @Binaya Kumar lenka,

You can try this: Add an AssignMessage policy after the OAuthV2 policy to set whatever token information you want to return in the response. To do this be sure to set <GenerateResponse enabled="false"/>. On success, variables are populated with the token information. You can then use AssignMessage to return them to the client. For example:

<AssignMessage async="false" continueOnError="false" enabled="true" name="CreateTokenResponse">
    <DisplayName>CreateTokenResponse</DisplayName>
    <Properties/>
    <Add>
        <Headers>
            <Header name="x-access-token">{apigee.access_token}</Header>
            <Header name="x-refresh-token">{oauthv2accesstoken.RefreshAccessToken.refresh_token}</Header>
        </Headers>
    </Add>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>

If there's an error (a bad refresh token for instance) your fault handler will work. Hope this helps.
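
An added example, not from the original reply: the same CreateTokenResponse step returning the tokens in a JSON body with caching disabled, which RFC 6749 section 5.1 requires for any response containing tokens, instead of in custom headers that intermediaries and access logs commonly record. The JSON field layout, the `token_type` value and the `@`/`#` delimiters are assumptions of this example; the two flow variables are the ones used in the reply above.

```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Added example: place after the OAuthV2 policy, with GenerateResponse disabled there. -->
<AssignMessage async="false" continueOnError="false" enabled="true" name="CreateTokenResponse">
    <DisplayName>CreateTokenResponse</DisplayName>
    <Set>
        <Headers>
            <!-- RFC 6749 section 5.1: responses carrying tokens must not be cached. -->
            <Header name="Cache-Control">no-store</Header>
            <Header name="Pragma">no-cache</Header>
        </Headers>
        <!-- token_type is an assumed literal; adjust it to what your clients expect. -->
        <Payload contentType="application/json" variablePrefix="@" variableSuffix="#">
{
  "access_token": "@apigee.access_token#",
  "token_type": "Bearer",
  "refresh_token": "@oauthv2accesstoken.RefreshAccessToken.refresh_token#"
}
        </Payload>
        <StatusCode>200</StatusCode>
    </Set>
    <!-- false: an unset token variable raises a fault instead of returning an empty token. -->
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>
```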