Accessing scopes from Javascript

I have a product configured with three scopes as a comma separated list - s1,s2,s3. After the VerifyApiKey policy is executed, I call a javascript policy in which I use...

scopes = context.getVariable("verifyapikey.VerifyApiKey.ValidateClientId.app.scopes");

... however I can see in the trace I am returned...

verifyapikey.VerifyApiKey.ValidateClientId.app.scopes : [Ljava.lang.String;@25af067c

Is it possible to access the list of scopes from a javascript policy?

Thanks, Sean

ACCEPTED SOLUTION

The suggestion here: http://stackoverflow.com/questions/23663591/cant-c... no longer works.

Instead I have generated a dummy access token, in order to retrieve the scopes in the generated response.

@Sean Davis maybe this helps. I had a similar problem where I couldn't access deep nested variables easily. I did the following and it works.

var strScope = context.getVariable("allowedScopes");
var allowedScopes = JSON.parse(strScope);
var scopes = allowedScopes.Scopes.Scope;

tl;dr

Just get the top level variable, parse it, and use Javascript to access the nested attributes.

But how do you populate the allowedScopes variable? I can't find a context variable that shows me the scopes on a product.

allowedScopes is populated by the OAuth policy itself.

Maybe you need to specify that you are interested in the scopes. My policy is as below

This was only an example of how to access the nested attribute. In your case, you can simply do a context.getVariable("verifyapikey") since you have that available, then get at the rest via javascript after a JSON.parse().

Hope this makes sense?

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 async="false" continueOnError="false" enabled="true" name="GenerateAccessToken">
    <DisplayName>GenerateAccessToken</DisplayName>
    <ExternalAuthorization>false</ExternalAuthorization>
    <Operation>GenerateAccessToken</Operation>
    <ExpiresIn>3600</ExpiresIn>
    <SupportedGrantTypes>
        <GrantType>client_credentials</GrantType>
    </SupportedGrantTypes>
    <GrantType>request.queryparam.grant_type</GrantType>
    <Scope>request.queryparam.scope</Scope>
    <GenerateResponse enabled="true"/>
</OAuthV2>
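
The reply above reads the top-level variable, parses it, and walks to Scopes.Scope. As an added example (not code from any poster in this thread), here is that same access written to fail closed when the value is missing, is not JSON (such as the [Ljava.lang.String;@... string from the question), or holds a single scope as a bare string. The JSON shape, the mock context object and the scopeCheck.passed variable name are assumptions.

```javascript
// Added example: defensive scope parsing for a JavaScript policy.
// Assumption: the flow variable holds JSON shaped like {"Scopes":{"Scope":[...]}},
// as implied by the reply's allowedScopes.Scopes.Scope access.
function parseAllowedScopes(raw) {
  if (raw === null || raw === undefined) return [];
  var parsed;
  try {
    parsed = JSON.parse(String(raw));
  } catch (e) {
    // Not JSON (for example a Java array's default toString): no usable scopes.
    return [];
  }
  var scope = parsed && parsed.Scopes ? parsed.Scopes.Scope : undefined;
  if (scope === undefined || scope === null) return [];
  // A single scope may be serialized as a bare string instead of a one-item array.
  var list = Array.isArray(scope) ? scope : [scope];
  var out = [];
  list.forEach(function (item) {
    if (typeof item !== "string") return;
    // Also split delimited values such as "s1,s2,s3" or "s1 s2".
    item.split(/[\s,]+/).forEach(function (s) {
      if (s && out.indexOf(s) === -1) out.push(s);
    });
  });
  return out;
}

// Fail closed: true only when every required scope is present.
// An empty or invalid required list is treated as a configuration error.
function hasRequiredScopes(raw, required) {
  if (!Array.isArray(required) || required.length === 0) return false;
  var granted = parseAllowedScopes(raw);
  return required.every(function (s) { return granted.indexOf(s) !== -1; });
}

// Constructed stand-in for the policy's context object, so this runs outside the gateway.
var context = {
  vars: { allowedScopes: '{"Scopes":{"Scope":["s1","s2","s3"]}}' },
  getVariable: function (name) {
    return Object.prototype.hasOwnProperty.call(this.vars, name) ? this.vars[name] : null;
  },
  setVariable: function (name, value) { this.vars[name] = value; }
};

var ok = hasRequiredScopes(context.getVariable("allowedScopes"), ["s2"]);
context.setVariable("scopeCheck.passed", ok); // hypothetical variable name
```

A later step in the flow can test the resulting variable and reject the request when it is false, so a parsing failure never grants access.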