OAuthV2 - Set Custom Attribute with the authorization Code


I need to set a custom attribute at the time of the authorization code generation. I used the OAuthV2 policy and added the attributes in that policy, but it is not working.

I also tried the SetOAuthV2Info policy, but it is not working. I am passing the custom attribute as a request body parameter, which I am trying to retrieve using the GetAuthCodeAttributes policy by passing the Bearer access token in the Authorization header. Can anyone suggest where and what I am doing wrong? The policies used are shown below.

OA-GenerateAuthorizationCode Policy

-------------------------------------------------------

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 name="OA-GenerateAuthorizationCode">
   <DisplayName>OA-GenerateAuthorizationCode</DisplayName>
   <ExternalAuthorization>false</ExternalAuthorization>
   <Operation>GenerateAuthorizationCode</Operation>
   <ClientId>request.formparam.client_id</ClientId>
   <ResponseType>request.formparam.response_type</ResponseType>
   <Scope>request.formparam.scope</Scope>
   <RedirectUri>request.formparam.redirect_uri</RedirectUri>
   <UserName>request.formparam.userId</UserName>
   <ExpiresIn>1800000</ExpiresIn>
   <!-- Adding user info below as custom attributes in Apigee Edge -->
   <SupportedGrantTypes/>
   <Attributes>
      <Attribute name="email" display="true" ref="email"/>
      <Attribute name="given_name" display="true" ref="given_name"/>
      <Attribute name="family_name" display="true" ref="family_name"/>
   </Attributes>
   <Tokens/>
</OAuthV2>

OA-GetAuthCodeAttributes Policy

-------------------------------------------------------

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<GetOAuthV2Info async="false" continueOnError="false" enabled="true" name="OA-GetAuthCodeAttributes">
   <DisplayName>OA-GetAuthCodeAttributes</DisplayName>
   <AuthorizationCode ref="email">email</AuthorizationCode>
   <AuthorizationCode ref="given_name">given_name</AuthorizationCode>
   <AuthorizationCode ref="family_name">family_name</AuthorizationCode>
</GetOAuthV2Info>


I also tried with the SetOAuthV2Info policy, which is below -

---------------------------------------------

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<SetOAuthV2Info async="false" continueOnError="false" enabled="true" name="OA-SetOAuthV2Info">
   <DisplayName>OA-SetOAuthV2Info</DisplayName>
   <AccessToken ref="authorization_code"/>
   <Attributes>
      <Attribute name="email" display="true" ref="email"/>
      <Attribute name="given_name" display="true" ref="given_name"/>
      <Attribute name="family_name" display="true" ref="family_name"/>
   </Attributes>
</SetOAuthV2Info>

Hello @RejeevChaturvedi,

<Attribute name="email" display="true" ref="email"/>
<Attribute name="given_name" display="true" ref="given_name"/>
<Attribute name="family_name" display="true" ref="family_name"/>

Do you have an AssignMessage policy that sets the email, given_name and family_name flow variables?

You mentioned that you are passing these values in the request payload as form parameters (application/x-www-form-urlencoded); if that is the case and you don't have an AssignMessage policy, then it should be as shown below:

<Attribute name="email" display="true" ref="request.formparam.email"/>
<Attribute name="given_name" display="true" ref="request.formparam.given_name"/>
<Attribute name="family_name" display="true" ref="request.formparam.family_name"/>

I retrieved all request body parameters in the Extract Variables policy and used these variables in my OA-GenerateAuthorizationCode policy. I cross-checked in the trace; all variables are populated.

What do you see in trace when you generate the token? Are those variables populated as you expect?

@Carlos Eberhardt

Yes, all context variables (email, given_name and family_name) are populated when checked in the trace.
Any suggestion where these variables are stored in the Apigee platform? I checked the Dev Apps custom attributes in Edge, but they are not stored there. I am not getting any error when setting them either way: directly in the OAuthV2 policy or using the SetOAuthV2Info policy.

When trying to retrieve using the GetOAuthV2Info policy, it throws an error: not valid authorization_code. In the GetOAuthV2Info policy, I am passing 'Bearer AccessTokenValue' in the header as 'Authorization', which I got using the authorization_code.

Please let me know what I am missing. Is anything extra needed apart from the details mentioned above?

@swilliams I tried both ways: directly putting the values as request.formparam.email, and also using Assign Message and context variables.

Yes, the variables are populated. I checked in the trace.


Done, it is working fine.

After the OA-GetAuthCodeAttributes policy, you need to use an Assign Message policy that retrieves the variables provided by the OA-GetAuthCodeAttributes policy, like -

oauthv2authcode.{policy_name}.state
oauthv2authcode.{policy_name}.scope
oauthv2authcode.{policy_name}.id
oauthv2authcode.{policy_name}.{auth_code_custom_attribute_name}

The final Assign Message policy after the OA-GetAuthCodeAttributes policy in the flow looks like -

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="AM-CustomAttributeAuthCodeResponse">
   <DisplayName>AM-CustomAttributeAuthCodeResponse</DisplayName>
   <Set>
      <Payload contentType="application/json" variablePrefix="@" variableSuffix="#">
{
   "email":"@oauthv2authcode.OA-GetAuthCodeAttributes.email#",
   "given_name":"@oauthv2authcode.OA-GetAuthCodeAttributes.given_name#",
   "family_name":"@oauthv2authcode.OA-GetAuthCodeAttributes.family_name#"
}
      </Payload>
   </Set>
   <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
   <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>

No need for SetAuthCodeAttributes policy.

Changes in GenerateAuthorizationCode policy

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 name="OA-GenerateAuthorizationCode">
   <DisplayName>OA-GenerateAuthorizationCode</DisplayName>
   <ExternalAuthorization>false</ExternalAuthorization>
   <Operation>GenerateAuthorizationCode</Operation>
   <ClientId>request.formparam.client_id</ClientId>
   <ResponseType>request.formparam.response_type</ResponseType>
   <Scope>request.formparam.scope</Scope>
   <RedirectUri>request.formparam.redirect_uri</RedirectUri>
   <UserName>request.formparam.userId</UserName>
   <ExpiresIn>1800000</ExpiresIn>
   <!-- Adding user info below as custom attributes in Apigee Edge -->
   <SupportedGrantTypes/>
   <Attributes>
      <Attribute name="email" display="true" ref="request.formparam.email"/>
      <Attribute name="given_name" display="true" ref="request.formparam.given_name"/>
      <Attribute name="family_name" display="true" ref="request.formparam.family_name"/>
   </Attributes>
   <Tokens/>
</OAuthV2>

converted this comment to answer so others can see it as the answer. 😉


above code


I converted your answer into code to make it clearer for us

After the OA-GetAuthCodeAttributes policy, you need to use an Assign Message policy that retrieves the variables provided by the OA-GetAuthCodeAttributes policy, like -

	oauthv2authcode.{policy_name}.state
	oauthv2authcode.{policy_name}.scope
	oauthv2authcode.{policy_name}.id
	oauthv2authcode.{policy_name}.{auth_code_custom_attribute_name}

The final Assign Message policy after the OA-GetAuthCodeAttributes policy in the flow looks like -

<?xml version="1.0" encoding="UTF-8"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="AM-CustomAttributeAuthCodeResponse">
   <DisplayName>AM-CustomAttributeAuthCodeResponse</DisplayName>
   <Set>
      <Payload contentType="application/json" variablePrefix="@" variableSuffix="#">{
   "email":"@oauthv2authcode.OA-GetAuthCodeAttributes.email#",
   "given_name":"@oauthv2authcode.OA-GetAuthCodeAttributes.given_name#",
   "family_name":"@oauthv2authcode.OA-GetAuthCodeAttributes.family_name#"
}</Payload>
   </Set>
   <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
   <AssignTo createNew="false" transport="http" type="request" />
</AssignMessage>

No need for SetAuthCodeAttributes policy.

Changes in GenerateAuthorizationCode policy

<?xml version="1.0" encoding="UTF-8"?>
<OAuthV2 name="OA-GenerateAuthorizationCode">
   <DisplayName>OA-GenerateAuthorizationCode</DisplayName>
   <ExternalAuthorization>false</ExternalAuthorization>
   <Operation>GenerateAuthorizationCode</Operation>
   <ClientId>request.formparam.client_id</ClientId>
   <ResponseType>request.formparam.response_type</ResponseType>
   <Scope>request.formparam.scope</Scope>
   <RedirectUri>request.formparam.redirect_uri</RedirectUri>
   <UserName>request.formparam.userId</UserName>
   <ExpiresIn>1800000</ExpiresIn>
   <!-- Adding user info below as custom attributes in Apigee Edge -->
   <SupportedGrantTypes />
   <Attributes>
      <Attribute name="email" display="true" ref="request.formparam.email" />
      <Attribute name="given_name" display="true" ref="request.formparam.given_name" />
      <Attribute name="family_name" display="true" ref="request.formparam.family_name" />
   </Attributes>
   <Tokens />
</OAuthV2>
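
The lookup step the thread depends on, as an added example that is not part of the original posts: a GetOAuthV2Info policy with a single AuthorizationCode element whose ref names the flow variable holding the authorization code itself, rather than an access token or an attribute name. The variable request.formparam.code is an assumption about where the client sends the code; the policy and attribute names are the ones used in the thread.

```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Added example: looks up an authorization code and exposes its attributes. -->
<GetOAuthV2Info async="false" continueOnError="false" enabled="true" name="OA-GetAuthCodeAttributes">
   <DisplayName>OA-GetAuthCodeAttributes</DisplayName>
   <!-- Assumption: the client sends the code issued by OA-GenerateAuthorizationCode
        as the form parameter "code". Point ref at wherever the code really arrives. -->
   <AuthorizationCode ref="request.formparam.code"/>
   <!-- On success the policy populates, among others:
          oauthv2authcode.OA-GetAuthCodeAttributes.scope
          oauthv2authcode.OA-GetAuthCodeAttributes.email
          oauthv2authcode.OA-GetAuthCodeAttributes.given_name
          oauthv2authcode.OA-GetAuthCodeAttributes.family_name
        continueOnError="false" makes an unknown or expired code raise a fault
        instead of reaching AM-CustomAttributeAuthCodeResponse with empty values. -->
</GetOAuthV2Info>
```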