Hello,
I need help with regards the apigee oauth 2.0 scope. I added the scope in API Products with this format: "urn:sample:api" but I am getting below error response:
{
"fault": {
"faultstring": "Required scope(s): [urn:sample:api]",
"detail": {
"errorcode": "steps.oauth.v2.InsufficientScope"
}
}
}
Instead of this sample response:
{
"error_code": "403",
"error_summary": "forbidden",
"error_description": "InsufficientScope"
}
Thank you for any assistance/help on this.
Hi
It looks like the FaultRule you have configured is not executing. I say this because the error response you are observing is the default error issued by Apigee, when there is insufficient scope. I think you are attempting to override that error message with your FaultRule. It does not appear to be working.
The most common reason for this is that you have OTHER fault rules, and one of those other rules is executing. That would prevent the first faultrule from executing. There is one weird trick with Apigee fault rules: they are evaluated bottom to top. I am not sure why it was designed to work this way, but it does work this way. So if you have 3 faultrules and the rule that appears third in your configuration executes, the other rules are not evaluated. And, notice that you can attach a condition to a rule, or to a step within a rule. Suppose that you don't attach a condition to a faultrule. It will always execute. Even if you have 3 steps within the rule, each with conditions, and none of those conditions evaluate to true, therefore none of the steps execute, the faultrule itself will have been executed. Therefore none of the other faultrules will execute. This is by design. And it is explained in the "fault handling" section of the Apigee documentation.
BTW: If you run your API proxy through Apigeelint, it will flag a "fault rule with no condition" as a problem, and will tell you to fix it. If you have a FaultRule with no Condition, it should always be at the very top of the list of FaultRules.
If that isn't the problem, then....If I were you , I would use the Trace/Debug session facility in Apigee to see if your FaultRules are executing. And if not, you may proceed to determining why not. Maybe the FaultRules are not configured in the proper place in the PrroxyEndpoint. Maybe some other problem.
Finally - The rule you showed... is not the problem! I just tried your FaultRule, and it works just fine if there is no other fault rule. The fact that you showed only a partial configuration of your proxy, not including the "close FaultRules" element, tells me you might have an additional FaultRule lurking in there, with no Condition.
Hello Dino,
Thanks for responding!
Well, no that does not clarify for me. There is a lot going on there that I don't understand. and unfortunately I don't believe I will be able to understand.
But I can offer some general observations.
AssignMessage-406NotAcceptableException
in your FaultRule? you already have a RaiseFault for 406, attached to the preflow. The RaiseFault allows you to specify a response message. You should't need to re-assign that message in a FaultRule.one small suggestion. This
<AssignVariable>
<Name>req.sample</Name>
<Template>{req.sample}</Template>
</AssignVariable>
..doesn't do anything. If the req.sample variable holds "foo" before that AssignVariable, it will hold "foo" afterwards too. I hope you can see why.
Good luck sorting it all out!