OAuth External Access token setting as authorization_code

I am able to generate an access token by using authorization_code. Internally we are setting <ExternalAuthorization>true</ExternalAuthorization>, but when I try to store the access token using the OAuth policy, it gives the issue below:

{"ErrorCode" : "invalid_client", "Error" :"External authorization failed"}

To resolve the above issue, I have tried to set up the client ID of the above generated auth code proxy's app, and of the generated access token proxy's app as well.

Find the code below:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 async="false" continueOnError="false" enabled="true" name="OA-Store-External-Token">
    <DisplayName>OA-Store-External-Token</DisplayName>
    <FaultRules/>
    <Properties/>
    <Attributes/>
    <ExternalAuthorization>true</ExternalAuthorization>
    <ClientId>{apigee.username}</ClientId>
    <Operation>GenerateAccessToken</Operation>
    <SupportedGrantTypes>
        <!-- Optional -->
        <GrantType>authorization_code</GrantType>
        <GrantType>client_credentials</GrantType>
    </SupportedGrantTypes>
    <GenerateResponse enabled="true"/>
    <ExternalAccessToken>request.queryparam.external_access_token</ExternalAccessToken>
    <StoreToken>true</StoreToken>
    <Tokens/>
</OAuthV2>

Testing URL:

https://api-test.abc.com/oauththirdparty/generatetoken?external_access_token=123234443abc

Body parameters:

client_id: sKfqEIpw3NKUza0Q6cep1IVETaF3qbOL

grant_type=authorizaiton_code.

Thanks,

Kumar.

3 REPLIES

Hi @kumar,

Did you set the oauth_external_authorization_status variable to true before the OAuthV2 policy executes, as explained in these instructions?

Will

As Mr. Whitman mentioned in the comment above, you need to set that variable to true. The policy is also looking for the client ID in a specific spot: either in the Authorization header or in a form parameter.

I am attaching a sample proxy that shows a working example of this feature. You should be able to derive your problem from that: external-oauth-example-rev1-2017-06-07.zip

Here is a curl statement you can use to test the proxy attached.

Note: replace the {org} and {env} with your org and env and the {client_id} with your Apigee client id

curl -X POST \
  'http://{org}-{env}.apigee.net/v1/eoe/token?token=sometokenthatyoupassin&grant_type=client_credentials' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d 'client_id={client_id}&grant_type=client_credentials'
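The setup the two replies above describe, as an added example that is not part of the thread or of the attached sample proxy: the status variable is set before the OAuthV2 step runs, and the client ID arrives as a form parameter. The names AM-Set-External-Auth-Status, SC-Validate-External-Token, externalTokenCheck and the StoreExternalToken flow are hypothetical, and the sketch assumes the third party answers HTTP 200 for a valid token; the grant type follows the curl call above.

```xml
<!-- Added example; policy, variable and flow names are hypothetical. -->

<!-- 1. AssignMessage policy: sets the flag the OAuthV2 policy checks when
        ExternalAuthorization is true. -->
<AssignMessage name="AM-Set-External-Auth-Status">
    <AssignVariable>
        <Name>oauth_external_authorization_status</Name>
        <Value>true</Value>
    </AssignVariable>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
</AssignMessage>

<!-- 2. OAuthV2 policy: stores the third-party token. No ClientId element is
        given, so the client ID is taken from where the reply above says the
        policy looks for it (Authorization header or form parameter). -->
<OAuthV2 name="OA-Store-External-Token">
    <ExternalAuthorization>true</ExternalAuthorization>
    <Operation>GenerateAccessToken</Operation>
    <SupportedGrantTypes>
        <GrantType>client_credentials</GrantType>
    </SupportedGrantTypes>
    <GenerateResponse enabled="true"/>
    <ExternalAccessToken>request.queryparam.external_access_token</ExternalAccessToken>
    <StoreToken>true</StoreToken>
</OAuthV2>

<!-- 3. Flow in the proxy endpoint: step order matters. The flag is set only
        after the external token has been checked with its issuer, so an
        unverified token is never stored as trusted. -->
<Flow name="StoreExternalToken">
    <Request>
        <Step>
            <!-- Hypothetical ServiceCallout that validates the token with the
                 third party and writes its response to externalTokenCheck. -->
            <Name>SC-Validate-External-Token</Name>
        </Step>
        <Step>
            <Name>AM-Set-External-Auth-Status</Name>
            <Condition>externalTokenCheck.status.code = 200</Condition>
        </Step>
        <Step>
            <Name>OA-Store-External-Token</Name>
        </Step>
    </Request>
</Flow>
```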

Thanks richarst for your reply.

I am using an authorization_code and access token in the proxy that are generated in the Apigee environment.

My mistake is storing the above generated authorization_code and access token in the external third-party proxy in the same env.

It always gives Authorization invalid because it is already available on Edge, and the same combination cannot be generated/stored on Edge.

To correct the above mistake, the authorization_code and access token should be generated from a different system, not on the same machine (storing and generating external code).

Thanks,

Kumar