So, I'm doing a password grant flow w/ a third-party authenticator and need to set <GenerateResponse enabled="false"/>.
I found a list of all of the variables available to me but I don't see OAuth2 custom attributes being available according to here: https://docs.apigee.com/api-platform/reference/policies/oauthv2-policy#flowvariables-generateaccesst...
But I am able to create my custom json payload for successful access_tokens via:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="AM-ReplacePayload">
    <DisplayName>AM-ReplacePayload</DisplayName>
    <Properties/>
    <Set>
        <Payload contentType="application/json">
{
    "api_product_list": "{oauthv2accesstoken.OA-GenerateAccessToken-Password.api_product_list}",
    "api_product_list_json": "{oauthv2accesstoken.OA-GenerateAccessToken-Password.api_product_list_json}",
    "organization_name": "{oauthv2accesstoken.OA-GenerateAccessToken-Password.organization_name}",
    "developer.email": "{oauthv2accesstoken.OA-GenerateAccessToken-Password.developer.email}",
    "client_id": "{oauthv2accesstoken.OA-GenerateAccessToken-Password.client_id}",
    "token_type": "{oauthv2accesstoken.OA-GenerateAccessToken-Password.token_type}",
    "status": "{oauthv2accesstoken.OA-GenerateAccessToken-Password.status}",
    "issued_at": {oauthv2accesstoken.OA-GenerateAccessToken-Password.issued_at},
    "expires_in": {oauthv2accesstoken.OA-GenerateAccessToken-Password.expires_in},
    "access_token": "{oauthv2accesstoken.OA-GenerateAccessToken-Password.access_token}",
    "scope": "{oauthv2accesstoken.OA-GenerateAccessToken-Password.scope}",
    "refresh_token_status": "{oauthv2accesstoken.OA-GenerateAccessToken-Password.refresh_token_status}",
    "refresh_token_issued_at": {oauthv2accesstoken.OA-GenerateAccessToken-Password.refresh_token_issued_at},
    "refresh_token_expires_in": {oauthv2accesstoken.OA-GenerateAccessToken-Password.refresh_token_expires_in},
    "refresh_token": "{oauthv2accesstoken.OA-GenerateAccessToken-Password.refresh_token}",
    "refresh_count": {oauthv2accesstoken.OA-GenerateAccessToken-Password.refresh_count}
}
        </Payload>
    </Set>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>
I tried messing around with var oauthObj = context.getVariable('oauthv2accesstoken.OA-GenerateAccessToken-Password'); in a javascript callout but I usually end up getting an error such as "blah blah blah...com.apigee.steps.oauth.v2.TokenAttributesFlowInfo@<some_memory>" denied or unavailable.
Does anyone know how to cycle through all of the keys so I can see what's available?
Hmmm, yes
I see what you're getting at.
You want to iterate through ALL of the attribute names (custom or "standard") set by a particular OauthV2 GenerateAccessToken policy.
And if you try to read the context variable "oauthv2accesstoken.POLICYNAME" from within a JavaScript policy, it doesn't let you look at all the variable names as you wish it would.
That is currently a limitation in the behavior of the product.
I can see that it would be nice if the JavaScript policy could retrieve all the names of these attributes.
Let me look into enhancing it to make that possible. ref: b/132700950
But in the meantime, I don't know a way to do what you want, unfortunately.
Thank you!
As an example, {oauthv2accesstoken.POLICYNAME.api_product_list_json} and {oauthv2accesstoken.POLICYNAME.application_name} worked even though they aren't documented.
Oh, and if you're looking for the custom attributes associated with an access token, I saw somewhere that it was {oauth2accesstoken.POLICYNAME.access_token.CUSTOM_ATTRIBUTE}.
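Since the policy's variables cannot be enumerated, one workaround is to probe a fixed list of candidate names one at a time. The JavaScript callout below is an added example, not code from this thread or from Apigee; the `token_probe.*` variable names and the stand-in context object are assumptions made for illustration.

```javascript
// Names taken from the thread; the policy cannot list them, so each is probed.
var CANDIDATES = [
  'api_product_list', 'api_product_list_json', 'organization_name',
  'developer.email', 'client_id', 'token_type', 'status', 'issued_at',
  'expires_in', 'access_token', 'scope', 'refresh_token_status',
  'refresh_token_issued_at', 'refresh_token_expires_in', 'refresh_token',
  'refresh_count', 'application_name'
];
// Token values are reported as present only, so they never land in a trace.
var SENSITIVE = { access_token: true, refresh_token: true };

function probeTokenVariables(ctx, policyName, names) {
  var prefix = 'oauthv2accesstoken.' + policyName + '.';
  var found = {}, missing = [];
  names.forEach(function (name) {
    var value = ctx.getVariable(prefix + name);
    if (value === null || value === undefined || String(value) === '') {
      missing.push(name);
    } else if (SENSITIVE[name]) {
      found[name] = '<present>';
    } else {
      var n = Number(value);
      found[name] = isNaN(n) ? String(value) : n;   // keep numbers numeric
    }
  });
  return { found: found, missing: missing };
}

// Constructed stand-in for the Apigee `context` object, for offline runs.
var P = 'oauthv2accesstoken.OA-GenerateAccessToken-Password.';
var sampleVars = {};
sampleVars[P + 'client_id'] = 'constructed-client-id';
sampleVars[P + 'token_type'] = 'BearerToken';
sampleVars[P + 'expires_in'] = '1799';
sampleVars[P + 'access_token'] = 'constructed-token-value';
var sampleContext = {
  getVariable: function (name) {
    return Object.prototype.hasOwnProperty.call(sampleVars, name) ? sampleVars[name] : null;
  }
};

// Inside a JavaScript policy the global `context` exists; token_probe.* are
// hypothetical variable names chosen for this example.
if (typeof context !== 'undefined') {
  var result = probeTokenVariables(context, 'OA-GenerateAccessToken-Password', CANDIDATES);
  context.setVariable('token_probe.found', JSON.stringify(result.found));
  context.setVariable('token_probe.missing', result.missing.join(','));
}
```

The names reported as missing are the ones that would resolve to nothing in the AssignMessage template, which matters for the unquoted numeric fields because an empty substitution there yields invalid JSON.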