OAuthV2 authorization_code in response flow


Hi Team,

This is a bit urgent, can anyone help with the issue below?

I am trying to generate a token using OAuthV2 -> <GrantType>authorization_code</GrantType>

1. I am able to successfully generate a token in the preflow by placing the below code.

<OAuthV2 name="GenerateOAuthAccessToken2">
  <Operation>GenerateAccessToken</Operation>
  <ExpiresIn>3600000</ExpiresIn> 
  <SupportedGrantTypes>
    <GrantType>authorization_code</GrantType> 
  </SupportedGrantTypes>
  <GenerateResponse enabled="true"/>
</OAuthV2>

2. Due to some business use case, I need to use the same OAuthV2 in response flow.

I am getting the below error:

{"ErrorCode" : "invalid_request", "Error" :"Required param : grant_type"}

May I know in which variable I need to set the below parameters?

client_id, client_secret, redirect_uri, grant_type - authorization_code, client_id, state, code

1 REPLY

If I understand your question correctly, you are saying that the policy works when placed in the pre-flow, and the policy does not work correctly when placed in the response flow.

Is that correct? If I understand correctly, then it is very surprising. I do not expect the policy to behave differently depending on whether it is attached to a PreFlow (Request or Response? You did not say) or a Conditional flow in the Response. I would like to understand your situation better.


To answer your specific question, the grant type must be specified in the form parameters of the request. You may direct your client application to use

curl -X POST $url/foo/bar/token -d 'grant_type=authorization_code&code=xyz...'

You may also explicitly set this variable: request.formparam.grant_type

Likewise for all of the other parameters, excepting the client_id and client_secret.

The client_id and client_secret are implicitly obtained from the Authorization header.

But as I said, all of this is true whether the policy resides in the PreFlow or in a Response section of a Conditional flow. So, I suspect something else is amiss here.
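
The request shape described in the reply above, as an added example that is not part of the original thread and is not Apigee's code: it builds a token request with the credentials in the Authorization header and the grant parameters in the form body, then runs a simplified check that names the first missing parameter. The function names and sample values are hypothetical.

```python
import base64
from urllib.parse import urlencode, parse_qs

# Form parameters every authorization_code token request carries.
# redirect_uri is also needed when it was sent in the authorization request.
REQUIRED_FORM_PARAMS = ("grant_type", "code")


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Return (headers, body): credentials go in the Authorization header,
    the grant parameters go form-encoded in the body."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    })
    return headers, body


def first_missing_param(headers, body):
    """Simplified stand-in for the gateway-side check (an assumption, not the
    policy's real logic): name the first absent parameter, or None."""
    form = parse_qs(body)
    for name in REQUIRED_FORM_PARAMS:
        if name not in form:
            return name
    if not headers.get("Authorization", "").startswith("Basic "):
        return "client_id"
    return None


def client_credentials(headers):
    """Recover (client_id, client_secret) from a Basic Authorization header."""
    raw = base64.b64decode(headers["Authorization"].split(" ", 1)[1]).decode()
    client_id, _, client_secret = raw.partition(":")
    return client_id, client_secret


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    hdrs, body = build_token_request("sample-client-id", "sample-secret",
                                     "xyz", "https://app.example/callback")
    print(body)
    print(first_missing_param(hdrs, body))
    print(first_missing_param(hdrs, "code=xyz"))
```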