OAuth validation policies without validating content-type against the body

We have an OAuth validation policy on one of our proxies. During OAuth validation, the policy also seems to validate the request body against the Content-Type in the request header. While this may seem a highly desirable validation, is there a way that we can have OAuth validation without validating the Content-Type against the request body?


Former Community Member

Hi @vednath pittala, that's surprising & works for me no matter what Content-Type header I pass. Are you referring to the OAuth2 / VerifyAccessToken policy or something else?

@Prithpal Bhogill, here is how it is giving me 400: Bad Request

<?xml version="1.0" encoding="utf-8" ?> <ArrayOfDCCustomerQuestionnaire xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <DCCustomerQuestionnaire ><BestNumberToCall /> <BestTimeToCall /> <Branches><![CDATA[OMA92501]]></Branches> <TimeHorizon><![CDATA[1 to 3 Years]]></TimeHorizon> <TimeZone /> <TypeOfAdvisor><![CDATA[Money Manager only]]></TypeOfAdvisor> <TypeOfInvestmentVehicles><![CDATA[Mutual Funds]]></TypeOfInvestmentVehicles> <NotesBySubmitter><![CDATA[12%]]></NotesBySubmitter> <Occupation><![CDATA[Project Manager]]></Occupation> <OtherSpecificNeed /> <PrimaryPhoneNumber><![CDATA[(555) 444-7777]]></PrimaryPhoneNumber> <AccountNumber><![CDATA[160515151]]></AccountNumber> <ClientFirstName><![CDATA[Internal Ivr Team]]></ClientFirstName> <ClientID><![CDATA[0038000000UTqwkAAD]]></ClientID> <ClientLastName><![CDATA[Test Account]]></ClientLastName> <ClientProvidedPermissionToSendEmail><![CDATA[Yes]]></ClientProvidedPermissionToSendEmail> <CQDate><![CDATA[2016-04-04T17:39:56.000Z]]></CQDate> <CQLastModifiedDate><![CDATA[2016-04-04T17:39:56.000Z]]></CQLastModifiedDate> <Email><![CDATA[david.haskell@tdameritrade.com]]></Email> <AdditionalInfo /> <Advisors><![CDATA[D7C]]></Advisors> <Age><![CDATA[104]]></Age> <AmountToInvest><![CDATA[12222]]></AmountToInvest> <BestDateToCall></BestDateToCall> <ResAddress><![CDATA[135 Greene St]]></ResAddress> <Zip><![CDATA[07311]]></Zip> <RiskTolerance><![CDATA[Low Risk]]></RiskTolerance> <SecondaryCity /> <SecondaryPhoneNumber /> <ExpectedReturn><![CDATA[33]]></ExpectedReturn> <FirstName><![CDATA[Arun]]></FirstName> <InvestmentGoals><![CDATA[Capital Preservation]]></InvestmentGoals> <LastName><![CDATA[Balasubramanian]]></LastName> <RelationshipId><![CDATA[0018000000P13G2AAJ]]></RelationshipId> <RelationshipName><![CDATA[Osman]]></RelationshipName> <City><![CDATA[Jersey City]]></City> <State><![CDATA[NJ]]></State> <SecondaryState /> <SecondaryAddress /> <SecondaryZip /> 
<SecondaryReferralPackageToAddress><![CDATA[Residence Address]]></SecondaryReferralPackageToAddress> <SpecificNeedsForFinancial /> <TokenNum><![CDATA[6xRU_2BWh7JbCVc7nMFM3P9w_3D_3D12]]></TokenNum> <ReferralSource><![CDATA[IC]]></ReferralSource> </DCCustomerQuestionnaire></ArrayOfDCCustomerQuestionnaire>

Content-Type set to

application/x-www-form-urlencoded

Have a validateOauth policy on your proxy.

Thanks

Vednath

Former Community Member

Hi @vednath pittala, it still works great for me even with the Content-Type set to "application/x-www-form-urlencoded" or even with "application/xml" or "text/xml" (which is what it should be if you are passing an XML doc to your proxy). I suspect the error is coming from somewhere other than your OAuth policy. Can you confirm that you are using the standard OAuth/VerifyAccessToken policy, and can you post a screenshot of your trace tool?