OAuth GenerateAuthorizationCode redirect with urn not working

We are using GenerateAuthorizationCode in the response flow. When we set the callback URL to http://localhost:8000/callback, the redirect works. When we set the callback URL to urn:ietf:wg:oauth:2.0:oob, the actual HTTP redirect location gets truncated after urn:

HTTP/1.1 302 Found
Location: urn:?scope=123&state=xyz&code=abc
Content-Length: 0
Connection: keep-alive

ACCEPTED SOLUTION

Hi @Vineet Bhatia

I have done this successfully with oob callback URLs. My AssignMessage looks like this:

<AssignMessage name='AssignMessage-AuthzCodeResponse'>
  <DisplayName>AssignMessage-AuthzCodeResponse</DisplayName>
  <Description>Assigns the response message for an /authorize call</Description>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
  <!-- see https://apigeesc.atlassian.net/browse/BID-5589 -->
  <AssignTo createNew='true' type='response'>response</AssignTo>
  <Remove>
    <Payload>true</Payload>
  </Remove>
  <Set>
    <StatusCode>302</StatusCode>
    <ReasonPhrase>Found</ReasonPhrase>
    <Headers>
      <!-- 
           at this point, the request.formparam.scope holds the requested
           scopes, separated by commas.  The
           oauthv2authcode.OAuthV2-GenerateAuthorizationCode.scope
           variable holds the granted scopes separated by space.
      -->
      <Header name="Location">{oauthv2authcode.OAuthV2-GenerateAuthorizationCode.redirect_uri}?code={oauthv2authcode.OAuthV2-GenerateAuthorizationCode.code}&amp;scope={request.formparam.scope}</Header>
    </Headers>
  </Set>

  <!-- Set this flow variable to indicate the response has been set -->
  <AssignVariable>
    <Name>flowResponse.ready</Name>
    <Value>true</Value>
  </AssignVariable>


</AssignMessage>


Does this work for you?

And here's a snap of the Trace UI showing this actually working:

1404-screenshot-20151028-175240.png
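
The same Location value built in code, as an added example that is not part of the original post or of Apigee's own code: the redirect URI is handled as an opaque string, so the oob URN stays whole, and the appended values are percent-encoded. The function name, the registered-URI list and the sample values are assumptions made for illustration.

```javascript
'use strict';

// Constructed sample data: redirect URIs registered for a hypothetical client.
const REGISTERED_REDIRECT_URIS = [
  'http://localhost:8000/callback',
  'urn:ietf:wg:oauth:2.0:oob',
];

// Build the Location value for the /authorize 302 response.
// redirectUri is treated as an opaque string and is never run through a URL
// parser, so a non-hierarchical value such as a URN is kept whole.
function buildAuthzRedirect(redirectUri, registered, params) {
  // Exact string comparison with the registered values; no prefix matching.
  if (!registered.includes(redirectUri)) {
    throw new Error('redirect_uri is not registered for this client');
  }
  // A CR or LF would end the Location header early; a fragment would
  // swallow the appended parameters.
  if (/[\r\n#]/.test(redirectUri)) {
    throw new Error('redirect_uri contains a forbidden character');
  }
  const query = Object.keys(params)
    .filter((name) => params[name] !== undefined && params[name] !== null && params[name] !== '')
    // Percent-encode request-derived values (scope, state) so they cannot
    // add parameters or header lines of their own.
    .map((name) => encodeURIComponent(name) + '=' + encodeURIComponent(String(params[name])))
    .join('&');
  if (query === '') return redirectUri;
  // Append to an existing query string if the registered URI already has one.
  const separator = redirectUri.includes('?') ? '&' : '?';
  return redirectUri + separator + query;
}

// Constructed request values; scope and state contain characters that need encoding.
function demo() {
  return buildAuthzRedirect('urn:ietf:wg:oauth:2.0:oob', REGISTERED_REDIRECT_URIS, {
    code: 'abc',
    scope: 'read write',
    state: 'xyz&code=other',
  });
}

console.log(demo());
```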

3 REPLIES

Has anyone in the community encountered this issue? Is it possible to change the redirect location to the correct value of "application redirect url" after GenerateAuthorizationCode by using an assign-message policy?

Thanks for replying @Dino. Yes, it should work. Variable names in my flow are different and changing "&scope". Also, thank you a bunch for sharing the slides/code on generating JWT using JOSE4J from the conference. Sorry I missed it.