This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Issue with Custom Response oauth2.0 Token Generation in Shared Flow

Posted on 03-15-2024 09:38 AM
eldhosepaul
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

I'm encountering an issue with a shared flow configuration involving a custom token generation response. Here's a breakdown of the problem:

Within the shared flow, I've implemented a custom response for token generation using an "Assign Message" policy to add a custom payload. Additionally, I've updated the GenerateAccessToken policy to enable GenerateResponse. While the response is indeed generated based on the custom payload, the request continues to target the endpoint, resulting in a 404 error indicating that the requested resource is not found. My expectation is to receive the custom payload response without the request proceeding to the target endpoint. Did i miss something? Raisefault not feasible for me 😞

eldhosepaul_1-1710520374822.png

 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<SharedFlow name="default">
  <Step>
    <Name>OAuthV2-GenerateAccessToken</Name>
    <Condition>(proxy.pathsuffix MatchesPath "/token") and (request.verb = "POST")</Condition>
  </Step>
  <Step>
    <Name>AM-CustomResponse</Name>
    <Condition>(proxy.pathsuffix MatchesPath "/token") and (request.verb = "POST")</Condition>
  </Step>
  <Step>
    <Name>OAuthV2-VerifyAccessToken</Name>
    <Condition>Not(proxy.pathsuffix MatchesPath "/token")</Condition>
  </Step>
</SharedFlow>

 

 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 continueOnError="false" enabled="true" name="OAuthV2-GenerateAccessToken">
  <DisplayName>OAuthV2-GenerateAccessToken</DisplayName>
  <ExpiresIn>1800000</ExpiresIn>
  <SupportedGrantTypes>
    <GrantType>client_credentials</GrantType>
  </SupportedGrantTypes>
  <Properties/>
  <Attributes/>
  <ExternalAuthorization>false</ExternalAuthorization>
  <Operation>GenerateAccessToken</Operation>
  <GenerateResponse enabled="false"/>
  <Tokens/>
  <RFCCompliantRequestResponse>true</RFCCompliantRequestResponse>
</OAuthV2>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage continueOnError="false" enabled="true" name="AM-CustomResponse">
  <DisplayName>AM-CustomResponse</DisplayName>
  <Properties/>
  <Set>
    <Payload contentType="application/json">
      {
        "access_token": "{oauthv2accesstoken.OAuthV2-GenerateAccessToken.access_token}",
        "expires": "{oauthv2accesstoken.OAuthV2-GenerateAccessToken.expires_in}",
        "token_type": "{oauthv2accesstoken.OAuthV2-GenerateAccessToken.token_type}",
        "status": "{oauthv2accesstoken.OAuthV2-GenerateAccessToken.refresh_token_status}"
      }
      </Payload>
  </Set>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
  <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>

 

 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ProxyEndpoint name="default">
  <DefaultFaultRule name="all">
    <AlwaysEnforce>true</AlwaysEnforce>
    <Step>
      <Name>FC-CustomException</Name>
    </Step>
  </DefaultFaultRule>
  <PreFlow name="PreFlow">
    <Request>
      <Step>
        <Name>FC-AuthFlow</Name>
      </Step>
    </Request>
    <Response>
    </Response>
  </PreFlow>
  <Flows/>
  <PostFlow>
    <Response>
      <Step>
        <Name>FC-CustomResponse</Name>
      </Step>
    </Response>
    <Request/>
  </PostFlow>
  <HTTPProxyConnection>
    <BasePath>/say-hello</BasePath>
  </HTTPProxyConnection>
  <RouteRule name="default">
    <TargetEndpoint>default</TargetEndpoint>
  </RouteRule>
</ProxyEndpoint>

 

 

 

 

 

 

0 3 96
Topic Labels
0 Likes
3 REPLIES 3

Posted on --/--/---- --:-- AM
chrismca73
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Hi @eldhosepaul 

Can you please try adding condition in the target endpoint RoureRule to skip them.

 

<Condition>!(proxy.pathsuffix MatchesPath "/token")</Condition>

understanding-routes 

0 Likes

Posted on --/--/---- --:-- AM
eldhosepaul
Bronze 2
Bronze 2
In response to chrismca73
Reply posted on --/--/---- --:-- AM

@chrismca73 

Thank you for your attention to this issue. While the proposed solution may work, I'm exploring more generic approaches. Implementing this solution would necessitate users to add conditions for all proxies, which might not be the efficient method. My aim is to develop reusable policies to ensure seamless creation of new proxies.

0 Likes

Posted on --/--/---- --:-- AM
chrismca73
Bronze 4
Bronze 4
In response to eldhosepaul
Reply posted on --/--/---- --:-- AM

For your case I would suggest you to create a dedicated proxy(NoTarget) to serve OAuth Tokens, which will be usable in the environment wide to get the required token.

And in each proxy you can keep VerifyAccessToken policy as entry check point.

Top Solution Authors
View all