Invalid access token on Get OAuth Info policy

I am trying to access an attribute from my access token after running the Validate OAuth Token policy and keep running into an error in the Get OAuth Info policy. There is a session_id attribute on the access token but when I try to access the access token in the policy it throws the error below:

{ "fault": { "faultstring": "Invalid Access Token", "detail": { "errorcode": "keymanagement.service.invalid_access_token" } } }

My Get OAuth Info policy is below:

  <GetOAuthV2Info name="Get-OAuth-v20-Info-3">
    <DisplayName>Get OAuth v2.0 Info-3</DisplayName>
    <AccessToken ref="request.formparam.access_token"></AccessToken>
  </GetOAuthV2Info>

Thanks for the help!


Hi @Jeremy Lundstrom

When you use the OAuthV2 policy to Verify an Access Token (Operation = VerifyAccessToken), there is a side effect to verification: the policy sets context variables containing the values of all the custom attributes you have set on the token, or app, etc.

According to the doc, the policy sets the following flow variables:

  • organization_name
  • developer.id
  • developer.app.name
  • client_id
  • grant_type
  • token_type
  • access_token
  • accesstoken.{custom_attribute_name}
  • issued_at
  • expires_in
  • status
  • scope
  • apiproduct.name*
  • apiproduct.<custom_attribute_name>*

So you should not need the GetOAuthV2Info policy at all.

You can verify the presence of these variables by using the Trace screen in the Edge UI.
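
The approach described in the reply above, as an added example that is not part of the original thread: verify the token, refuse the request if the `session_id` custom attribute is absent, and only then pass the value on. The policy names, the `X-Session-Id` header and the 401 response are assumptions made for illustration; each policy lives in its own file in the proxy bundle.

```xml
<!-- Added example; policy names and the X-Session-Id header are assumptions. -->

<!-- policies/OAuth-Verify-Access-Token.xml
     The question sends the token as a form parameter, so the policy is pointed
     there; without <AccessToken> it reads the Authorization: Bearer header. -->
<OAuthV2 name="OAuth-Verify-Access-Token">
  <Operation>VerifyAccessToken</Operation>
  <AccessToken>request.formparam.access_token</AccessToken>
</OAuthV2>

<!-- policies/RF-Missing-Session-Id.xml
     Fail closed when a verified token carries no session_id attribute. -->
<RaiseFault name="RF-Missing-Session-Id">
  <FaultResponse>
    <Set>
      <StatusCode>401</StatusCode>
      <ReasonPhrase>Unauthorized</ReasonPhrase>
    </Set>
  </FaultResponse>
</RaiseFault>

<!-- policies/AM-Forward-Session-Id.xml
     accesstoken.session_id was populated by the verification step above. -->
<AssignMessage name="AM-Forward-Session-Id">
  <AssignTo createNew="false" type="request"/>
  <Set>
    <Headers>
      <Header name="X-Session-Id">{accesstoken.session_id}</Header>
    </Headers>
  </Set>
</AssignMessage>

<!-- Proxy endpoint PreFlow: no GetOAuthV2Info step is involved. -->
<PreFlow name="PreFlow">
  <Request>
    <Step><Name>OAuth-Verify-Access-Token</Name></Step>
    <Step>
      <Name>RF-Missing-Session-Id</Name>
      <Condition>accesstoken.session_id = null</Condition>
    </Step>
    <Step><Name>AM-Forward-Session-Id</Name></Step>
  </Request>
</PreFlow>
```

In Trace, `accesstoken.session_id` should appear among the variables set by the verification step, before the RaiseFault condition is evaluated.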

adas
New Member

@Jeremy Lundstrom Couple of things:

First of all, please make sure that you are passing the access token in the request form param as access_token=MYYHHBH12131ZXAF (or whatever is your access token value).

Secondly, if you want to retrieve the attributes irrespective of the access token status, please use the following tag in the GetOAuthV2Info policy:

<IgnoreAccessTokenStatus>true</IgnoreAccessTokenStatus>


So in your case the policy would look like:


  <GetOAuthV2Info name="Get-OAuth-v20-Info-3">
    <DisplayName>Get OAuth v2.0 Info-3</DisplayName>
    <AccessToken ref="request.formparam.access_token"></AccessToken>
    <IgnoreAccessTokenStatus>true</IgnoreAccessTokenStatus>
  </GetOAuthV2Info>

By default this policy only returns the attributes if the token status is approved. Please let me know if this helps.