Hello everybody,
I have a problem when the access token is generated in a hybrid Apigee X using OAuth 2, let me explain:
I have 1 product with 2 comma-separated scopes (read,write) and one API added at:
I created a Proxy API to generate a client_credentials token using scopes.
Policy configuration:
When a token is required with a read scope, I get a token for that one successfully:
Scope header sent in by client:
Response:
However, when I require scope for second scope write, metadata response generates an access token for no scope at all.
Scope header sent over by client:
Response:
Same result with both spaced scopes:
Scope header sent by client:
Response:
I don't know if the issue has to do with a problem with the product configuration or anything else.
Best Regards.
I'm sorry about the delay in response here. I've been on holiday and I'm not sure why no-one else responded.
I am not certain, but I think I may have reproduced the issue you are seeing. If I am correct, it seems like a bug in the UI that is misleading you.
You've shown a snapshot of the "Allowed Oauth scopes" field. Thanks, that's helpful. I tried your basic scenario in my own organization, and did not see the results you reported. In other words, it works just as I would expect: supposing I have a product with "READ,WRITE" scope, when I request a token with READ scope, I get a token with READ. When I request a token with WRITE scope, I get a token with WRITE scope. And I can get a token with both scopes, too. It all just works.
Then I looked a little more closely at the screensnap you provided. It looks like this:
Looking a little more closely, I wondered if there was a leading space in that text field, and if it was not being properly stripped. When I fill out the form on my UI with no leading space, it looks like this (I added the red line to help visualize alignment):
When I fill out the form and purposely add a leading space, I get this:
A slight difference. Sure enough, when I use the leading space and then save the product, and query it using the apigee API, I get this:
{
  "name": "New-Product-A",
  "displayName": "New-Product-A",
  "approvalType": "auto",
  "attributes": [
    {
      "name": "access",
      "value": "public"
    }
  ],
  "environments": [
    "eval"
  ],
  "scopes": [
    " write",
    "read"
  ],
  "createdAt": "1670022064430",
  "lastModifiedAt": "1673552309434",
As you can see, I've saved a scope with a leading space. That shouldn't happen. That's a bug, in the UI and in the management API - both should reject the leading space. (internal reference: b/265321035)
But when I try to use THIS product, then I cannot get a token with the "write" scope. If I then modify the product to omit the leading space, I can generate a token with the "write" scope.
Let me know if this helps you.
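A way to catch the stored-scope problem described in the answer above before it causes failed token requests, as an added example that is not part of the thread and is not Apigee code. It audits the `scopes` array of an API product record against the RFC 6749 section 3.3 scope-token grammar; the function names are hypothetical, the sample record is constructed from the one shown above, and `unmatched_requests` assumes stored scopes are compared as exact strings.

```python
import json
import re

# RFC 6749 section 3.3: scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
SCOPE_TOKEN = re.compile(r'[\x21\x23-\x5B\x5D-\x7E]+')

# Constructed sample modelled on the product record shown in the answer.
SAMPLE_PRODUCT = json.loads('''
{
  "name": "New-Product-A",
  "scopes": [" write", "read"]
}
''')


def audit_scopes(product):
    """Return (findings, cleaned); findings is a list of (stored_scope, reason)."""
    findings = []
    cleaned = []
    for raw in product.get("scopes", []):
        candidate = raw.strip()
        if raw != candidate:
            findings.append((raw, "leading or trailing whitespace"))
        if not candidate:
            findings.append((raw, "empty scope"))
            continue
        if not SCOPE_TOKEN.fullmatch(candidate):
            findings.append((raw, "characters outside the RFC 6749 scope-token set"))
            continue
        if candidate in cleaned:
            findings.append((raw, "duplicate after trimming"))
            continue
        cleaned.append(candidate)
    return findings, cleaned


def unmatched_requests(requested, product):
    """Requested scopes with no exact match among the stored scopes (assumed model)."""
    stored = set(product.get("scopes", []))
    return [s for s in requested.split() if s not in stored]


if __name__ == "__main__":
    findings, cleaned = audit_scopes(SAMPLE_PRODUCT)
    for scope, reason in findings:
        print(f"{SAMPLE_PRODUCT['name']}: {scope!r}: {reason}")
    print("cleaned scopes:", cleaned)
    print("unmatched for 'read write':", unmatched_requests("read write", SAMPLE_PRODUCT))
```

Run it over each product record exported from the management API; any finding means the product should be re-saved with the cleaned scope list.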