This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Oauth is failing after Apigee Hybrid instance upgrade to v1.5.6

Posted on 02-11-2022 08:30 PM
praviningawale
Silver 1
Silver 1
Reply posted on --/--/---- --:-- AM
Hi,
We are using apigee hybrid instance. The admin team yesterday did an upgrade on apigee nonprod instance to 1.5.6
 
We are using oauth2.0 (client_credentials) and passing grant type as refresh token in FormParam 
 
Since the upgrade all the proxies using this oauth functionality are failing. The similar proxies are working in prod environment which are yet to be upgraded.
 
We are 400 Bad request error as below :

 

 

{
    "ErrorCode": "invalid_request",
    "Error": "Unsupported grant type : refresh_token"
}

@dknezic @dchiesa1 @Former Community Member 

Solved Solved
0 5 226
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
praviningawale
Silver 1
Silver 1
Reply posted on --/--/---- --:-- AM

Setting content-type in AM

<Payload contentType="application/x-www-form-urlencoded"/>

and 

continueOnError="true" in OAuthV2 policy resolved the error.

We are still now sure why it is working in production which is yet to be upgraded.

View solution in original post

Jump to Solution
0 Likes
5 REPLIES 5

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

How did you obtain the original access_token? which grant_type ?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
praviningawale
Silver 1
Silver 1
In response to dchiesa1
Reply posted on --/--/---- --:-- AM

Hi,

 

We are using Grant Type as 'refresh_token' only

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to praviningawale
Reply posted on --/--/---- --:-- AM

What I meant to ask was: what grant type did you use to obtain the original access token ? 

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
praviningawale
Silver 1
Silver 1
In response to dchiesa1
Reply posted on --/--/---- --:-- AM

Hi Dino.

To get original access token we  are using 'refresh_token' grant type.

 

Below is the apigee code we are using.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ServiceCallout name="SC-GenerateToken" enabled="true" continueOnError="false" async="false">
    <DisplayName>SC-GenerateToken</DisplayName>
    <Properties/>
    <Request>
        <Set>
            <Path>{servicecallout.request.path}</Path>
            <Headers>
                <Header name="Content-Type">application/json</Header>
                <Header name="Authorization">Basic {private.Encoded64}</Header>
            </Headers>
            <FormParams>
                <FormParam name="grant_type">refresh_token</FormParam>
                <FormParam name="refresh_token">{private.refresh_token}</FormParam>
            </FormParams>
        </Set>
    </Request>
    <Response>tokenresponse</Response>
    <HTTPTargetConnection>
        <Properties/>
        <URL>http://example.com</URL>
    </HTTPTargetConnection>
</ServiceCallout>



<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage name="AssignMessage-TokenSetVariable">
    <DisplayName>AssignMessage-TokenSetVariable</DisplayName>
    <Set>
        <FormParams>
            <!--<FormParam name="client_id">Y2UyNTZkOTctMmZjYy00ODE4LWFjYTEtNzI2YmFjNWRlYWEw</FormParam>-->
            <FormParam name="client_id">{private.ClientId}</FormParam>
            <FormParam name="grant_type">refresh_token</FormParam>
        </FormParams>
    </Set>
    <AssignVariable>
        <Name>oauth_external_authorization_status</Name>
        <Value>true</Value>
    </AssignVariable>
    <AssignTo type="request" transport="http" createNew="false"/>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</AssignMessage>




<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 name="Generate-Client-Credentials-Token" enabled="true" continueOnError="false" async="false">
    <DisplayName>Generate Client-Credentials Token</DisplayName>
    <Properties/>
    <Attributes/>
    <ExternalAccessToken>WDAccess_token</ExternalAccessToken>
    <ExternalAuthorization>true</ExternalAuthorization>
    <StoreToken>true</StoreToken>
    <ReuseRefreshToken>false</ReuseRefreshToken>
    <!-- <ClientId>Y2UyNTZkOTctMmZjYy00ODE4LWFjYTEtNzI2YmFjNWRlYWEw</ClientId>-->
    <ClientId>{private.ClientId}</ClientId>
    <Operation>GenerateAccessToken</Operation>
    <SupportedGrantTypes>
        <GrantType>client_credentials</GrantType>
    </SupportedGrantTypes>
    <Tokens/>
</OAuthV2>

 

The strange part is that all proxies in prod apigee instance are working fine and it same configuration as non-prod. Prod apigee is not upgraded yet.

 

Please can you help us out as we have raised a case with Google and are they are not able to get an answer until now and this is impacting our development and critical go lives. If possible we can have quick call too to demonstrate our issue.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
praviningawale
Silver 1
Silver 1
Reply posted on --/--/---- --:-- AM

Setting content-type in AM

<Payload contentType="application/x-www-form-urlencoded"/>

and 

continueOnError="true" in OAuthV2 policy resolved the error.

We are still now sure why it is working in production which is yet to be upgraded.

Jump to Solution
0 Likes
Top Solution Authors
View all