Question by vednath pittala · Apr 07, 2016 at 01:48 PM · 402 Views · oauth 2.0 · policies

OAuth validation policies without validating content-type against the body

We have OAuth validation policies on one of our proxies. During OAuth validation, the policy also seems to validate the request body against the Content-Type in the request header. While this may seem a highly desirable validation, is there a way that we can have OAuth validation without validating the Content-Type against the request body?

Comment by pbhogill ♦ · Apr 07, 2016 at 04:04 PM

Hi @vednath pittala that's surprising & works for me no matter what Content-Type header I pass. Are you referring to the OAuth2 / VerifyAccessToken policy or something else?

Comment by vednath pittala · Apr 08, 2016 at 07:56 PM

@Prithpal Bhogill here is how it is giving me 400:Bad Request

<?xml version="1.0" encoding="utf-8" ?> <ArrayOfDCCustomerQuestionnaire xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <DCCustomerQuestionnaire ><BestNumberToCall /> <BestTimeToCall /> <Branches><![CDATA[OMA92501]]></Branches> <TimeHorizon><![CDATA[1 to 3 Years]]></TimeHorizon> <TimeZone /> <TypeOfAdvisor><![CDATA[Money Manager only]]></TypeOfAdvisor> <TypeOfInvestmentVehicles><![CDATA[Mutual Funds]]></TypeOfInvestmentVehicles> <NotesBySubmitter><![CDATA[12%]]></NotesBySubmitter> <Occupation><![CDATA[Project Manager]]></Occupation> <OtherSpecificNeed /> <PrimaryPhoneNumber><![CDATA[(555) 444-7777]]></PrimaryPhoneNumber> <AccountNumber><![CDATA[160515151]]></AccountNumber> <ClientFirstName><![CDATA[Internal Ivr Team]]></ClientFirstName> <ClientID><![CDATA[0038000000UTqwkAAD]]></ClientID> <ClientLastName><![CDATA[Test Account]]></ClientLastName> <ClientProvidedPermissionToSendEmail><![CDATA[Yes]]></ClientProvidedPermissionToSendEmail> <CQDate><![CDATA[2016-04-04T17:39:56.000Z]]></CQDate> <CQLastModifiedDate><![CDATA[2016-04-04T17:39:56.000Z]]></CQLastModifiedDate> <Email><![CDATA[david.haskell@tdameritrade.com]]></Email> <AdditionalInfo /> <Advisors><![CDATA[D7C]]></Advisors> <Age><![CDATA[104]]></Age> <AmountToInvest><![CDATA[12222]]></AmountToInvest> <BestDateToCall></BestDateToCall> <ResAddress><![CDATA[135 Greene St]]></ResAddress> <Zip><![CDATA[07311]]></Zip> <RiskTolerance><![CDATA[Low Risk]]></RiskTolerance> <SecondaryCity /> <SecondaryPhoneNumber /> <ExpectedReturn><![CDATA[33]]></ExpectedReturn> <FirstName><![CDATA[Arun]]></FirstName> <InvestmentGoals><![CDATA[Capital Preservation]]></InvestmentGoals> <LastName><![CDATA[Balasubramanian]]></LastName> <RelationshipId><![CDATA[0018000000P13G2AAJ]]></RelationshipId> <RelationshipName><![CDATA[Osman]]></RelationshipName> <City><![CDATA[Jersey City]]></City> <State><![CDATA[NJ]]></State> <SecondaryState /> <SecondaryAddress /> <SecondaryZip /> 
<SecondaryReferralPackageToAddress><![CDATA[Residence Address]]></SecondaryReferralPackageToAddress> <SpecificNeedsForFinancial /> <TokenNum><![CDATA[6xRU_2BWh7JbCVc7nMFM3P9w_3D_3D12]]></TokenNum> <ReferralSource><![CDATA[IC]]></ReferralSource> </DCCustomerQuestionnaire></ArrayOfDCCustomerQuestionnaire>

Content-Type set to

application/x-www-form-urlencoded

have validateOauth policy on your proxy.

Thanks

Vednath


1 Answer

Answer by pbhogill · Apr 08, 2016 at 08:09 PM

Hi @vednath pittala it still works great for me even with the Content-Type set to "application/x-www-form-urlencoded" or even with "application/xml" or "text/xml" (which is what it should be if you are passing an XML doc to your proxy). I suspect the error is coming from somewhere other than your OAuth policy. Can you confirm that you are using the standard OAuth/VerifyAccessToken policy & can you post a screenshot of your trace tool?

Comment by vednath pittala · Apr 11, 2016 at 01:57 PM

Attachments: capture-cont1.jpg (169.1 kB), capture-cont2.jpg (140.1 kB)
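
The mismatch discussed in this thread (an XML document sent with Content-Type application/x-www-form-urlencoded) can be flagged by comparing the declared media type with what the body looks like. This is an added example, not code from the posters or from Apigee; the function names, the media-type table and the shortened sample body are assumptions constructed for illustration.

```javascript
// Added example: flag requests whose declared Content-Type does not match
// what the body actually looks like. All names here are hypothetical.

// Media types accepted for each body family (an assumption for this sketch).
const FAMILIES = {
  xml: ['application/xml', 'text/xml'],
  json: ['application/json'],
  form: ['application/x-www-form-urlencoded'],
};

// "Text/XML; charset=utf-8" -> "text/xml"
function declaredMediaType(header) {
  return String(header || '').split(';')[0].trim().toLowerCase();
}

// Cheap structural sniff of the payload; returns a key of FAMILIES or 'unknown'.
function sniffBody(body) {
  const text = String(body || '').replace(/^\uFEFF/, '').trim();
  if (text === '') return 'unknown';
  if (text.startsWith('<')) return 'xml';
  if (text.startsWith('{') || text.startsWith('[')) {
    try { JSON.parse(text); return 'json'; } catch (e) { return 'unknown'; }
  }
  // key=value pairs joined by '&', with no raw whitespace or angle brackets
  if (/^[^\s<>&=]+=[^\s<>&]*(&[^\s<>&=]+=[^\s<>&]*)*$/.test(text)) return 'form';
  return 'unknown';
}

function checkContentType(header, body) {
  const declared = declaredMediaType(header);
  const sniffed = sniffBody(body);
  // Structured suffixes such as application/soap+xml count as their family.
  const suffix = declared.includes('+') ? declared.split('+').pop() : null;
  const consistent = sniffed === 'unknown'
    ? true // nothing in the body contradicts the header
    : FAMILIES[sniffed].includes(declared) || suffix === sniffed;
  return { declared, sniffed, consistent };
}

// Constructed sample, shortened from the shape of the request in the question.
const sampleXml = '<?xml version="1.0" encoding="utf-8" ?>' +
  '<ArrayOfDCCustomerQuestionnaire><DCCustomerQuestionnaire>' +
  '<State><![CDATA[NJ]]></State>' +
  '</DCCustomerQuestionnaire></ArrayOfDCCustomerQuestionnaire>';

console.log(checkContentType('application/x-www-form-urlencoded', sampleXml));
console.log(checkContentType('text/xml; charset=utf-8', sampleXml));
```

Running such a check on the client or in a test harness separates a body/header mismatch from a genuine token failure when a 400 has to be explained.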
