I need to set a custom attribute at the time of authorization code generation. I used the OAuthV2 policy and added the attribute in that policy, but it is not working.
I also tried with the SetOAuthV2Info policy, but it is not working. I am passing the custom attribute as a request body parameter, which I am trying to retrieve using the GetAuthCodeAttributes policy by passing the Bearer access token in the header as Authorization. Can anyone suggest where and what I am doing wrong? The policies used are shown below.
OA-GenerateAuthorizationCode Policy
-------------------------------------------------------
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 name="OA-GenerateAuthorizationCode">
  <DisplayName>OA-GenerateAuthorizationCode</DisplayName>
  <ExternalAuthorization>false</ExternalAuthorization>
  <Operation>GenerateAuthorizationCode</Operation>
  <ClientId>request.formparam.client_id</ClientId>
  <ResponseType>request.formparam.response_type</ResponseType>
  <Scope>request.formparam.scope</Scope>
  <RedirectUri>request.formparam.redirect_uri</RedirectUri>
  <UserName>request.formparam.userId</UserName>
  <ExpiresIn>1800000</ExpiresIn>
  <!-- Adding user info below into the Customer Attribute in the Apigee Edge -->
  <SupportedGrantTypes/>
  <Attributes>
    <Attribute name="email" display="true" ref="email"/>
    <Attribute name="given_name" display="true" ref="given_name"/>
    <Attribute name="family_name" display="true" ref="family_name"/>
  </Attributes>
  <Tokens/>
</OAuthV2>
Policy - OA-GetAuthCodeAttributes
-------------------------------------------------------
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<GetOAuthV2Info async="false" continueOnError="false" enabled="true" name="OA-GetAuthCodeAttributes">
  <DisplayName>OA-GetAuthCodeAttributes</DisplayName>
  <AuthorizationCode ref="email">email</AuthorizationCode>
  <AuthorizationCode ref="given_name">given_name</AuthorizationCode>
  <AuthorizationCode ref="family_name">family_name</AuthorizationCode>
</GetOAuthV2Info>
I also tried with the SetOAuthV2Info policy, which is below -
---------------------------------------------
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<SetOAuthV2Info async="false" continueOnError="false" enabled="true" name="OA-SetOAuthV2Info">
  <DisplayName>OA-SetOAuthV2Info</DisplayName>
  <AccessToken ref="authorization_code"/>
  <Attributes>
    <Attribute name="email" display="true" ref="email"/>
    <Attribute name="given_name" display="true" ref="given_name"/>
    <Attribute name="family_name" display="true" ref="family_name"/>
  </Attributes>
</SetOAuthV2Info>
Hello @RejeevChaturvedi,
<Attribute name="email" display="true" ref="email"/>
<Attribute name="given_name" display="true" ref="given_name"/>
<Attribute name="family_name" display="true" ref="family_name"/>
Do you have an AssignMessage policy that sets the email, given_name and family_name flow variables?
You mentioned that you are passing these values in the request payload as form parameters (application/x-www-form-urlencoded); if that is the case and you don't have an AssignMessage policy, then it should be as shown below:
<Attribute name="email" display="true" ref="request.formparam.email"/>
<Attribute name="given_name" display="true" ref="request.formparam.given_name"/>
<Attribute name="family_name" display="true" ref="request.formparam.family_name"/>
I retrieve all request body parameters in the Extract Variable policy and used these variables in my OA-GenerateAuthorizationCode policy. I cross-checked in the TRACE; all variables are populated.
What do you see in trace when you generate the token? Are those variables populated as you expect?
Yes, all context variables (email, given_name and family_name) are populated when checked in the TRACE.
Any suggestion where these variables are stored in the Apigee platform? I checked in the Dev Apps - Custom Attribute in the Edge, but these are not stored in the Custom Attribute. I am not getting any error when setting them either way - directly in the OAuthV2 policy or using the SetOAuthV2Info policy.
When trying to retrieve using the GetOAuthV2Info policy, it throws the error - not valid authorization_code. In the GetOAuthV2Info policy, I am passing 'Bearer AccessTokenValue' in the header as 'Authorization', which I got using the authorization_code.
Please let me know what I am missing. Is anything extra needed apart from the above-mentioned details?
@swilliams I tried both ways: directly putting the values as request.formparam.email, and also using Assign Message with context variables.
Yes, the variables are populated. I checked in the TRACE.
Done, it is working fine.
After the OA-GetAuthCodeAttributes policy, you need to use an Assign Message policy that retrieves the variables provided by the OA-GetAuthCodeAttributes policy, like -
oauthv2authcode.{policy_name}.state
oauthv2authcode.{policy_name}.scope
oauthv2authcode.{policy_name}.id
oauthv2authcode.{policy_name}.{auth_code_custom_attribute_name}
The final Assign Message policy after OA-GetAuthCodeAttributes policy in the flow is like -
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="AM-CustomAttributeAuthCodeResponse">
  <DisplayName>AM-CustomAttributeAuthCodeResponse</DisplayName>
  <Set>
    <Payload contentType="application/json" variablePrefix="@" variableSuffix="#">
{
  "email":"@oauthv2authcode.OA-GetAuthCodeAttributes.email#",
  "given_name":"@oauthv2authcode.OA-GetAuthCodeAttributes.given_name#",
  "family_name":"@oauthv2authcode.OA-GetAuthCodeAttributes.family_name#"
}
    </Payload>
  </Set>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
  <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>
No need for SetAuthCodeAttributes policy.
Changes in GenerateAuthorizationCode policy
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 name="OA-GenerateAuthorizationCode">
  <DisplayName>OA-GenerateAuthorizationCode</DisplayName>
  <ExternalAuthorization>false</ExternalAuthorization>
  <Operation>GenerateAuthorizationCode</Operation>
  <ClientId>request.formparam.client_id</ClientId>
  <ResponseType>request.formparam.response_type</ResponseType>
  <Scope>request.formparam.scope</Scope>
  <RedirectUri>request.formparam.redirect_uri</RedirectUri>
  <UserName>request.formparam.userId</UserName>
  <ExpiresIn>1800000</ExpiresIn>
  <!-- Adding user info below into the Customer Attribute in the Apigee Edge -->
  <SupportedGrantTypes/>
  <Attributes>
    <Attribute name="email" display="true" ref="request.formparam.email"/>
    <Attribute name="given_name" display="true" ref="request.formparam.given_name"/>
    <Attribute name="family_name" display="true" ref="request.formparam.family_name"/>
  </Attributes>
  <Tokens/>
</OAuthV2>
converted this comment to answer so others can see it as the answer. 😉
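A lookup policy for the authorization code, as an added example that is not part of the thread: in GetOAuthV2Info the `ref` on `<AuthorizationCode>` names the flow variable that holds the authorization code itself, and the custom attributes stored with that code then appear under `oauthv2authcode.{policy_name}.*`. The form parameter name `code` is an assumption; the policy name is the one used above.

```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Added example. Assumes the caller sends the authorization code
     (not the access token obtained from it) as the form parameter "code". -->
<GetOAuthV2Info async="false" continueOnError="false" enabled="true" name="OA-GetAuthCodeAttributes">
  <DisplayName>OA-GetAuthCodeAttributes</DisplayName>
  <!-- A single element: ref points at the variable containing the code.
       Custom attribute names (email, given_name, ...) are not listed here;
       every attribute stored with the code is returned. -->
  <AuthorizationCode ref="request.formparam.code"/>
</GetOAuthV2Info>
<!-- Flow variables available to later steps once this policy has run:
       oauthv2authcode.OA-GetAuthCodeAttributes.state
       oauthv2authcode.OA-GetAuthCodeAttributes.scope
       oauthv2authcode.OA-GetAuthCodeAttributes.id
       oauthv2authcode.OA-GetAuthCodeAttributes.email
       oauthv2authcode.OA-GetAuthCodeAttributes.given_name
       oauthv2authcode.OA-GetAuthCodeAttributes.family_name
     The values are whatever the GenerateAuthorizationCode request supplied in
     request.formparam.*, so that endpoint should only be reachable by the
     login application that has already authenticated the user. -->
```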