Extracting SessionID from Backend and regenerating same in oauth but
Oauth Generate Access Token is failing with
{"ErrorCode" : "invalid_client", "Error" :"Client identifier is required"}. Can you please quick help on this.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <OAuthV2 name="OAuth_GenerateToken"> <DisplayName>OAuth_GenerateToken</DisplayName> <Attributes/> <ExternalAccessToken>SessionID</ExternalAccessToken> <ExternalAuthorization>true</ExternalAuthorization> <Operation>GenerateAccessToken</Operation> <GenerateResponse enabled="true"/> <StoreToken>true</StoreToken> <SupportedGrantTypes> <GrantType>client_credentials</GrantType> </SupportedGrantTypes> <!--GrantType>message.header.grant_type</GrantType> <ClientId>message.header.Authorization</ClientId> <Authorization>message.header.Authorization</Authorization--> <Tokens/> </OAuthV2> <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <AssignMessage async="false" continueOnError="false" enabled="true" name="Assign_ExternalAccessTokenStatus"> <DisplayName>Assign_ExternalAccessTokenStatus</DisplayName> <Properties/> <!--Set> <Headers> <Header name="grant_type">client_credentials</Header> <Header name="client_id">xxxx</Header> <Header name="Authorization">Basic xxxx</Header> </Headers> </Set--> <AssignVariable> <Name>oauth_external_authorization_status</Name> <Value>true</Value> </AssignVariable> <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables> <!--AssignTo createNew="false" transport="http" type="response"/--> </AssignMessage>
Could you please provide more info, I am not sure what value SessionID flow var is getting? Also please put debugger on oauth policy <GenerateErrorResponseenabled='true'/> Is it failing the client id of APIGEE or third party oauth?
This works for me .
policy:
<OAuthV2 name="OAuthV2-GenerateAccessToken"> <Operation>GenerateAccessToken</Operation> <!-- ExpiresIn, in milliseconds. The ref is optional. The explicitly specified value is the default, when the variable reference cannot be resolved. 600000 = 10 minutes --> <ExpiresIn ref="flow.variable">600000</ExpiresIn> <SupportedGrantTypes> <GrantType>client_credentials</GrantType> </SupportedGrantTypes> <GenerateResponse enabled="true"/> </OAuthV2>
Request:
curl -i https://$ORG-$ENV.apigee.net/sample-1/token \ -u ${client_id}:${client_secret} \ -d 'grant_type=client_credentials'
Please find attached the working sample API proxy that dispenses tokens according to the client_credentials grant type.
To get this to work you need to:
If you want to import an externally-generated token value (eg what you have stored in SessionID), then you need a different policy and a different request.
policy:
<OAuthV2 name="OAuthV2-GenerateAccessToken-External"> <Operation>GenerateAccessToken</Operation> <ExternalAccessToken>contrived_token</ExternalAccessToken> <ExternalAuthorization>true</ExternalAuthorization> <ExpiresIn ref="flow.variable">600000</ExpiresIn> <SupportedGrantTypes> <GrantType>client_credentials</GrantType> </SupportedGrantTypes> <GenerateResponse enabled="true"/> </OAuthV2>
The policy looks for the client_id in a form param, so your request needs to be something like this:
curl -i https://$ORG-$ENV.apigee.net/sample-1/external-token \ -d "grant_type=client_credentials&client_id=${client_id}"
Or, you could use the ClientId element to specify the context variable that holds the client id.
You are seeing this error since you are trying to cache the token within Apigee. You need to provide the clientId. If not explicitly provided in the OauthV2 policyt, it is by default read from the form param
Default: | request.formparam.client_id (a x-www-form-urlencoded and specified in the request body) |
Please check the following docs -
https://docs.apigee.com/api-platform/reference/policies/oauthv2-policy
https://docs.apigee.com/api-platform/security/oauth/use-third-party-oauth-system