I have a developer app "app1" which has access to two API products "product1" and "product2". The scopes of product1 are a,b,c and scopes of product2 are d,e,f. How can I get the combined scopes as a,b,c,d,e,f in the flow using Access Entity policy?
Solved! Go to Solution.
When you access the APP Details using Access Entity Policy like below,
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <AccessEntity async="false" continueOnError="false" enabled="true" name="getAppDetails"> <DisplayName>Access Entity-1</DisplayName> <Properties/> <EntityIdentifier ref="request.queryparam.apikey" type="consumerkey"/> <EntityType value="app"/> </AccessEntity>
And a JS Policy to see the results,
print(context.getVariable("AccessEntity.getAppDetails"));
You generally see the scopes as empty. Reason behind it is you can actually assign scopes to an App too. Note that the Edge management UI / Developer Portal does not let you specify app-specific scopes. It is only possible if you use the API to create an app. You can specify the scope for an Developer App using the Create Developer APP API.
If you would like to access the scopes attached to API Products associated with App,
Its simple, just generate an access token without any scope defined. In this case, Edge generates a token that includes all of the scopes recognized by the developer app.
If you would like to selectively access scopes of API Products that are part of an App, You need to follow few steps.
Hope it helps.
I had the some requirement and failed to find the answer.
hope anyone who can help on this.
@bing wang , Welcome to Apigee Community. Just FYI, Please use comments for discussion. Answers are strictly for answers. Thank you in advance.
When you access the APP Details using Access Entity Policy like below,
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <AccessEntity async="false" continueOnError="false" enabled="true" name="getAppDetails"> <DisplayName>Access Entity-1</DisplayName> <Properties/> <EntityIdentifier ref="request.queryparam.apikey" type="consumerkey"/> <EntityType value="app"/> </AccessEntity>
And a JS Policy to see the results,
print(context.getVariable("AccessEntity.getAppDetails"));
You generally see the scopes as empty. Reason behind it is you can actually assign scopes to an App too. Note that the Edge management UI / Developer Portal does not let you specify app-specific scopes. It is only possible if you use the API to create an app. You can specify the scope for an Developer App using the Create Developer APP API.
If you would like to access the scopes attached to API Products associated with App,
Its simple, just generate an access token without any scope defined. In this case, Edge generates a token that includes all of the scopes recognized by the developer app.
If you would like to selectively access scopes of API Products that are part of an App, You need to follow few steps.
Hope it helps.
Thanks Anil!! It looks like it’s important to add empty scope element (<Scope/>) in the generate accesstoken policy because if the HTTP method is POST and the request contains scope then the accesstoken scope will be the scope in the request body because Edge default scope reference is request.formparam.scope.
Very useful info. Thanks, @Anil Sagar
Anytime @Travis Spencer , Keep us posted moving forward if any.
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |