Adding custom attributes to OAuthV2 generated token

Hi,

In my use-case I am trying to add some custom attributes to the OAuth token that I am generating. Hence I am using the following piece of code:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 async="false" continueOnError="false" enabled="true" name="Generate-Access-Token">
    <DisplayName>Generate-Access-Token</DisplayName>
    <ExternalAuthorization>false</ExternalAuthorization>
    <Operation>GenerateAccessToken</Operation>
    <SupportedGrantTypes>
        <GrantType>password</GrantType>
    </SupportedGrantTypes>
    <Attributes>
        <Attribute name="custom-tags" ref="registered.custom-tags"/>
    </Attributes>
    <GenerateResponse enabled="true"/>
    <Tokens/>
</OAuthV2>

Now when I make a call to it, I get the "custom-tags" as another attribute in the token returned.

This works well as long as "custom-tags" is a string. How do I insert a JSON node segment there?

For example, I need to add the following custom attributes:

"custom-tags": {"name": "Ritwik", "id":"1234"}

Update: I have posted another question here. I believe these 2 are related.

Accepted solution

Hi @Ritwik Chatterjee

I tried a sample proxy which extracts a JSON nodeset and assigns it to the OAuth attribute.

<Attributes>
    <Attribute name="custom-tags" ref="customTagVariable"/>
</Attributes>

In the response of the OAuth GenerateAccessToken call, I saw the attribute value with escape characters (see response sample below).

I assume the Generate Response of OAuth is doing a stringify on the custom attributes, hence it's showing the escape characters in the response. You can ignore that and just use the access token, as that's what you need for the functional API calls.

{
  "issued_at": "1459460185473",
  "application_name": "e3475bfc-939c-425b-b10e-5a42ca4d1279",
  "scope": "",
  "status": "approved",
  "api_product_list": "[ABCProduct]",
  "expires_in": "3599",
  "developer.email": "sfdfgdfg",
  "token_type": "BearerToken",
  "client_id": "sdfsfs",
  "access_token": "DnKdHRiDmbQsrj1ZguvkuLxRadom",
  "organization_name": "dgddfg",
  "refresh_token_expires_in": "0",
  "custom-tags": "{\"lat\":37.3382082,\"lng\":-121.8863286}",
  "refresh_count": "0"
}

However, I wrote another proxy that has an OAuth policy to validate the access token and also retrieve the custom attributes, and there I don't see the escape characters in the trace tool. See the screenshot below (marked in red).

[Screenshot: 2310-screen-shot-2016-03-31-at-25501-pm.png]

In my JavaScript policy after the VerifyAccessToken OAuth policy, I tried to retrieve the object:

context.getVariable("accesstoken.custom-tags")

Looks like it's a String object. I ran a typeof on the context variable.

Since it's converting to String, you might have to use JSON.parse and use Object.keys to fetch the keys and iterate through them to fetch values, if required, or else just pass it on as a JSON object.

Though this could fix your problem, I would recommend defining a structure of JSON that you want to store as attributes, as it could get tough to handle all scenarios and could break the target systems. With the defined attributes structure, you control what you want to store as part of the token generation.

Let me know if you have any questions.
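
The JSON.parse and defined-structure advice above, sketched as an added example (not code from the original post): it parses the stringified attribute after VerifyAccessToken and accepts only a flat object with known string keys. `ALLOWED_KEYS`, `MAX_VALUE_LENGTH`, the `customtags.*` variable names and the Node.js stub for `context` are assumptions made for illustration.

```javascript
// Added example. ALLOWED_KEYS and MAX_VALUE_LENGTH are assumptions chosen to
// cover the two tag shapes shown in the thread; adjust them to your structure.
var ALLOWED_KEYS = ["name", "id", "first-name", "last-name"];
var MAX_VALUE_LENGTH = 128;

function fail(reason) {
  return { ok: false, error: reason, tags: {} };
}

function parseCustomTags(raw) {
  // The attribute is read back as a string, or null if it was never set.
  if (raw === null || raw === undefined) { return fail("missing"); }
  var text = String(raw); // also covers a wrapped String object
  if (text.length === 0) { return fail("missing"); }
  var parsed;
  try {
    parsed = JSON.parse(text);
  } catch (e) {
    return fail("not-json");
  }
  // Accept only a flat JSON object: no arrays, null or bare scalars.
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
    return fail("not-object");
  }
  var tags = Object.create(null); // no inherited keys such as __proto__
  var keys = Object.keys(parsed);
  for (var i = 0; i < keys.length; i++) {
    var value = parsed[keys[i]];
    if (ALLOWED_KEYS.indexOf(keys[i]) === -1) { return fail("unexpected-key"); }
    if (typeof value !== "string" || value.length > MAX_VALUE_LENGTH) {
      return fail("bad-value");
    }
    tags[keys[i]] = value;
  }
  return { ok: true, error: null, tags: tags };
}

// In an Apigee JavaScript policy `context` is supplied by the runtime. The
// stub below (constructed sample data) lets the same file run under Node.js.
var ctx = (typeof context !== "undefined") ? context : {
  vars: { "accesstoken.custom-tags": "{\"name\":\"Ritwik\",\"id\":\"1234\"}" },
  getVariable: function (n) { return n in this.vars ? this.vars[n] : null; },
  setVariable: function (n, v) { this.vars[n] = v; }
};

var result = parseCustomTags(ctx.getVariable("accesstoken.custom-tags"));
ctx.setVariable("customtags.valid", result.ok);
Object.keys(result.tags).forEach(function (k) {
  ctx.setVariable("customtags." + k, result.tags[k]);
});
```

With this allowlist the lat/lng sample from the response above is rejected as an unexpected key, so later policies can branch on `customtags.valid` instead of forwarding unvalidated tag content to the target.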

@Ritwik Chatterjee

Will the custom-tags attributes change dynamically or will it be the same set of attributes, in this case "name" and "id" ?

In other words, is it a defined, controlled node-set structure?

@Sai Saran Vaidyanathan

In my case, the custom tags are set at user enrollment. So for the current flow purposes it can be considered as static values retrieved from a previous step (maybe a call to another backend service/retrieved from DB).

However, different users might have different sets of custom-tags. For example:

User 1: "custom-tags":{"name":"Ritwik","id":"1234"}
User 2: "custom-tags":{"first-name":"Ritwik","last-name":"chatterjee"}

I need the entire custom tag to be returned to the application. The application will have the intelligence to interpret the tag - much the same way it has the intelligence to interpret any custom attributes.

Hi Ritwik Chatterjee,

Please let me know if you are trying to add a custom attribute with attribute name as custom-tags and value as {"name":"Ritwik","id":"1234"}.

If so, you can extract the JSON nodeset using the ExtractVariables policy as:

<JSONPayload>
    <Variable name="reg.custom-tags" type="nodeset">
        <JSONPath>provide json path here</JSONPath>
    </Variable>
</JSONPayload>

While generating the access token you can set the attribute as:

<Attributes>
    <Attribute name="custom-tags" ref="reg.custom-tags"/>
</Attributes>

The attribute can be retrieved as accesstoken.custom-tags.

It will be retrieved as :

{"name":"Ritwik","id":"1234"}

Please let me know if this helps.

Hi @GargiTalukdar

When I do what you have mentioned above, I get some escape characters in the output. See my related question here.

@Ritwik Chatterjee

Thanks for clarifying. In that case, can you try the JavaScript escape and unescape methods? I tried this example on jsfiddle.

Escape and assign to a variable, and then after retrieving from attributes, unescape the same.

Hi Ritwik, you can also use the Set OAuth policy to do that in a "cleaner" way. Here is an example:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<SetOAuthV2Info async="false" continueOnError="false" enabled="true" name="OAuthV2.SetInfo">
    <DisplayName>OAuthV2.SetInfo</DisplayName>
    <AccessToken ref="oauthv2accesstoken.OAuthV2.GenerateAccessToken.access_token"/>
    <Attributes>
        <Attribute name="user.id" ref="custom.username"></Attribute>
    </Attributes>
</SetOAuthV2Info>

With this policy you add the custom attribute custom.username to the generated access token.

Be careful, because as a result of using this policy the available variables are the ones for SetOAuthInfo; see the documentation here.

Helpful, clear, and nice images too! Great answer!