OpenAPI spec file for OAuth flows

Hello,

We are working on OAuth2 password and client credentials scenarios. So we created 2 APIs (provider and consumer), added the APIs to the product, and added the product to the app. We need to publish the APIs to the portal.

At present we created a single spec file related to the consumer API and added security at method level, and securitySchemes (with type, flows, token URL (provider API URL), scopes) under components. After publishing, the authorise button is enabled in the portal. Here we are getting an authorisation failed error even though correct credentials are given.

1) For this, do we need to create separate spec files for both the APIs or a single spec file?

2) How does the consumer API get the token if we use a single spec file for both the APIs?

3) How does the flow execute?

Thanks.

1 ACCEPTED SOLUTION

@subrahmanyam battula - I think you are doing the right thing. I am assuming that you are getting a CORS error. Please enable the Developer tools on your browser and make a call to get a token from the portal, you should see an error. This is due to CORS. You will need to include that in all your proxies. For more info, check this link. The link also has an example repo you can look at for reference.


@sai Saran Vaidyanathan thanks for your response

We already added CORS and option preflight at API level. After adding client id and client secret in Authorization at the developer portal, it's throwing an authorization failed error, but the hit is recorded at Apigee Edge trace with a 200 response, i.e. the token is generated. The generated token is not reaching the consumer API.

PFA of spec file which we defined for reference.

Thanks.


Thanks for that info. Can you please check what the TokenType value set by the OAuth proxy is? By default Apigee sets it as "BearerToken" and the portal uses that while making the actual API call. So please update your OAuth proxy to use "Bearer" as the tokenType.

Just add a JavaScript policy after the OAuth policy (in the Response flow) with the following code:

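// Read the token response body produced by the OAuth policy as a JSON object
var newResponse = response.content.asJSON;
// Replace the default "BearerToken" value with the standard "Bearer" scheme name
newResponse.token_type = "Bearer";

// Write the modified object back as the response body
response.content.asJSON = newResponse;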

@saisaranvaidyanthan

I tried adding the above code but it's still not reaching the consumer API. At the provider API the response is generated successfully, but at the consumer API a 401 invalid access token error is generated.

Can you please enable trace on both OAuth proxy and the Consumer API proxy? See what is happening and if possible, download the trace files from both and share it here, so that I can take a look.

@saisaranvaidyanthan

Thank you very much.

The above-mentioned JS code worked for my OAuth scenario.
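
The token_type mismatch discussed in this thread, as an added example that is not part of the original posts and is not Apigee or portal code: it runs in plain Node.js and shows why a client that builds the Authorization header from token_type is rejected when the value is "BearerToken" and accepted once it is rewritten to "Bearer". All function names, the sample token response and the strict resource-side parser are assumptions made for illustration.

```javascript
// Added illustration; runs in plain Node.js, outside Apigee.
// Function names and the sample token response are constructed for this example.

// Rewrite token_type in a token endpoint response body, as the JavaScript
// policy in the thread does. Non-JSON bodies and error payloads pass through.
function normalizeTokenResponse(body) {
  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch (e) {
    return body; // not JSON: leave untouched
  }
  if (parsed === null || typeof parsed !== "object" || !parsed.access_token) {
    return body; // error payload or unexpected shape: nothing to rewrite
  }
  parsed.token_type = "Bearer";
  return JSON.stringify(parsed);
}

// A client that builds the Authorization header from token_type, which is
// what the thread says the portal does.
function buildAuthorizationHeader(tokenResponseBody) {
  const t = JSON.parse(tokenResponseBody);
  return t.token_type + " " + t.access_token;
}

// Assumed resource-side check: only "Bearer <token>" is accepted. The scheme
// is matched case-insensitively; the token uses the RFC 6750 b64token syntax.
function extractBearerToken(header) {
  const m = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i.exec(header || "");
  return m ? m[1] : null;
}

// Constructed sample of the default response shape described in the thread.
const sampleResponse = JSON.stringify({
  access_token: "constructed-token-123",
  token_type: "BearerToken",
  expires_in: "3599",
});

// Token seen by the resource side before and after the rewrite.
function demo() {
  const before = extractBearerToken(buildAuthorizationHeader(sampleResponse));
  const after = extractBearerToken(
    buildAuthorizationHeader(normalizeTokenResponse(sampleResponse)));
  return { before, after };
}

console.log(demo());
```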