Question by Siddharth Barahalikar · Mar 31, 2015 at 03:53 PM · 1.2k Views edgeoauth 2.0

"error": "auth_unverified_oath",

Hi guys, I'm new to Apigee and trying to add OAuth v2.0 to one of my proxies. I saw the foundation videos chapter 6 and followed all the steps.

I've been trying the client_credentials grant type. I got the "access_token" and now I added OAuth v2.0 to my proxy with <Operation>VerifyAccessToken</Operation>.

In the API Console I gave the header parameter as Authorization and the value as Bearer <access_token>, and with Get Resource, when I click Send, I'm getting this error:

HTTP/1.1 401 Unauthorized
Date:Tue, 31 Mar 2015 15:28:50 GMT
Access-Control-Allow-Origin:*
Content-Length:202
Connection:keep-alive
Content-Type:application/json
Server:Apache-Coyote/1.1
{
  "error": "auth_unverified_oath",
  "timestamp": 1427815730356,
  "duration": 0,
  "exception": "org.apache.usergrid.rest.exceptions.SecurityException",
  "error_description": "Unable to authenticate OAuth credentials"
}

Where did I go wrong???

9 Answers

3
Best Answer

Answer by sudheendras   · Apr 15, 2015 at 07:44 AM

Thanks! These proxies helped me solve the problem.

All you need to do is remove the "Authorization" header in your "323-cats-oauth-rev1-2015-04-15" proxy before calling BaaS (i.e. after the Verify Token policy). Otherwise BaaS tries to validate the token and eventually fails, as it was generated by Edge. Remember that BaaS also provides an OAuth way of generating/verifying tokens.

You can remove the "Authorization" header using the "AssignMessage" policy as below:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="Assign-Message-1">
    <DisplayName>Assign Message 1</DisplayName>
    <FaultRules/>
    <Properties/>
    <Remove>
        <Headers>
            <Header name="Authorization"></Header>
        </Headers>
    </Remove>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>

I have also attached the updated proxy here: 323-cats-oauth-rev1-2015-04-15-rev2-2015-04-15.zip

After you generate the Access Token, call this API proxy with "Authorization Bearer <ACCESS_TOKEN>" header.


323-cats-oauth-rev1-2015-04-15-rev2-2015-04-15.zip (2.2 kB)
Comment by michaelmcdowell · Dec 05, 2016 at 10:43 PM · 0

Would it be possible to update the Foundation Training module Connecting Edge to BaaS with this information, as the example won't work without this policy applied to the BaaS collection target's PreFlow?

1

Answer by sudheendras   · Apr 14, 2015 at 01:56 PM

To keep things simple and make it easier for you to try things out, the "sandbox" application in BaaS has all authentication disabled. That way, it doesn’t require an access token for application-level calls to the API.

Create an API proxy in Edge with the "Backend Service URL" set to http://api.usergrid.com/siddharth1/sandbox/restaurants. To protect this new API proxy, you could use the out-of-the-box OAuthV2 policy with Operation as "VerifyAccessToken". Now generate an access token using any of the OAuth grant types (e.g. a simple Client credentials flow is described here). Once you have the access token, call the protected API proxy by passing the access token as part of the Auth header, e.g. "Authorization Bearer <ACCESS_TOKEN>". Please check out our documentation site with detailed steps here.

0

Answer by Siddharth Barahalikar   · Apr 09, 2015 at 04:30 AM

Hi @Dino, as I said, BearerToken was working for me 7 days ago. Now neither of them works. I tried multiple times with a newly generated access token; I still get the same error which I mentioned in the first post.

Any suggestions about this?

Comment by gnanasekaran ♦ · Apr 09, 2015 at 02:57 PM · 1

Hi,

Looks like the error ['org.apache.usergrid.rest.exceptions.SecurityException'] indicates it's coming from BaaS. Are you proxying your API BaaS? Probably your backend is returning the error, and probably because your token to the backend is not correct?

Thanks,

Comment by Siddharth Barahalikar (reply to gnanasekaran ♦) · Apr 10, 2015 at 03:55 AM · 0

Hi @mukundha@apigee.com,

Yeah I'm using a proxy to Get data from BaaS. But what is a token to backend? Can you guide me about that, I have no idea about a token to backend.

Thanks

0

Answer by Siddharth Barahalikar   · Apr 10, 2015 at 05:21 AM

@mukundha@apigee.com and @Maruti Chand

Guys, I need one more clarification. 8 days ago, when I got this error ['org.apache.usergrid.rest.exceptions.SecurityException'],

I used BearerToken <accesstoken> instead of Bearer <accesstoken> and the error disappeared and I got the requested response.

Why did BearerToken <accesstoken> work?

Comment by gnanasekaran ♦ · Apr 10, 2015 at 02:43 PM · 0

Adding to @Maruti Chand's comment: there is no auth scheme called 'BearerToken', so the service will ignore whatever you send there.

But 'Bearer' is a valid OAuth auth scheme, so when this header is present, the service tries to validate the request and it fails.

In your case it's easier, since you are using the sandbox and you don't need any credential for API BaaS. So in your proxy, after the access token is validated, remove the Authorization header before sending to BaaS.

Thanks

Comment by Siddharth Barahalikar (reply to gnanasekaran ♦) · Apr 14, 2015 at 10:49 AM · 0

@mukundha@apigee.com

How can I do this?

////So in your proxy after the access token is validated, remove the Authorization header before sending to the Baas////

Comment by gnanasekaran ♦ (reply to Siddharth Barahalikar) · Apr 14, 2015 at 01:05 PM · 1

You can do this using the AssignMessage policy. In the Remove section you can remove the headers. Attach this policy in the request flow.

    <Remove>
        <Headers>
            <Header name="Authorization"/>
        </Headers>
    </Remove>

Thanks,
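
The behaviour described by gnanasekaran above and by the accepted answer, as a small Python model added here (not code from the thread or from Apigee): Edge accepts only `Bearer` tokens it issued, while the BaaS sandbox ignores unknown schemes such as `BearerToken` but rejects a `Bearer` token it did not issue. The function names and the token value `edge-token-123` are constructed for illustration.

```python
# Toy model of the two hops: Edge (VerifyAccessToken) -> BaaS sandbox.
# All function names and token values are constructed for illustration.
EDGE_TOKENS = {"edge-token-123"}   # tokens issued by Edge (constructed)
BAAS_TOKENS = set()                # BaaS issued none; the sandbox needs no auth


def parse_auth(headers):
    """Split 'Authorization: <scheme> <credentials>' into (scheme, credentials)."""
    scheme, _, cred = headers.get("Authorization", "").partition(" ")
    return scheme, cred.strip()


def baas_sandbox(headers):
    """BaaS: open sandbox, but a Bearer token, if present, must be one of its own."""
    scheme, cred = parse_auth(headers)
    if scheme == "Bearer" and cred not in BAAS_TOKENS:
        return 401, "auth_unverified_oath"
    return 200, "restaurants"      # unknown schemes such as 'BearerToken' are ignored


def edge_proxy(headers, strip_authorization):
    """Edge: VerifyAccessToken, optionally remove Authorization, then call the target."""
    scheme, cred = parse_auth(headers)
    if scheme != "Bearer" or cred not in EDGE_TOKENS:
        return 401, "oauth.v2.InvalidAccessToken"
    upstream = dict(headers)       # copy of the request sent on to the target
    if strip_authorization:        # the AssignMessage <Remove> step
        upstream.pop("Authorization", None)
    return baas_sandbox(upstream)


def scenarios():
    """Run the request combinations discussed in the thread through the model."""
    good = {"Authorization": "Bearer edge-token-123"}
    odd = {"Authorization": "BearerToken AVDS"}
    return {
        "direct BaaS, BearerToken": baas_sandbox(odd),
        "direct BaaS, Edge Bearer token": baas_sandbox(good),
        "proxy, BearerToken": edge_proxy(odd, strip_authorization=True),
        "proxy, header forwarded": edge_proxy(good, strip_authorization=False),
        "proxy, header removed": edge_proxy(good, strip_authorization=True),
    }


if __name__ == "__main__":
    for name, (status, body) in scenarios().items():
        print(f"{status}  {body:<28} {name}")
```

Removing the header at the proxy also keeps the client's Edge-issued token from being sent on to a backend that has no use for it.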

0

Answer by Siddharth Barahalikar   · Apr 14, 2015 at 09:33 AM

Hi @Maruti Chand,

I have a few questions...

curl -v https://api.usergrid.com/siddharth1/sandbox/restaurants -H "Authorization: BearerToken AVDS"

The above code works with/without BearerToken,

Actually my requirement is that my proxy url should be able to hit the BaaS backend and GET the data such as,

curl -v http://siddharth1-test.apigee.net/restaurants -H "Authorization: BearerToken AVDS"

where

Default Proxy Endpoint Base Path - /restaurants

Default Target Endpoint URL - http://api.usergrid.com/siddharth1/sandbox/restaurants

So when I use this cmd...I get the following error.

HTTP/1.1 401 Unauthorized
Content-Type: application/json
WWW-Authenticate: Bearer realm="null",error='invalid_token",error_description=auth.v2.InvalidAccessToken: Invalid access token"
Content-Length: 101
Connection: keep-alive


fault":{"faultstring":"Invalid access token","detail":{"errorcode":"oauth.v2.IalidAccessToken"}}}* Connection #0 to host siddharth1-test.apigee.net left intact

So my question is, how can I use OAuth with my Proxy URL having BaaS as my backend.

0

Answer by Siddharth Barahalikar   · Apr 14, 2015 at 04:46 PM

curl: (6) Could not resolve host: \
{"fault":{"faultstring":"Invalid access token","detail":{"errorcode":"oauth.v2.I
nvalidAccessToken"}}}

Hi @sudheendra1, I followed all the steps, but I'm still getting this error.

I've even created a new account and tried it. Still the same error.

This OAuth used to work for me a few weeks back; now it is not working even after applying the same steps.

Comment by sudheendras ♦ · Apr 14, 2015 at 04:53 PM · 0

Can you please share your proxies?

0

Answer by Siddharth Barahalikar   · Apr 15, 2015 at 06:00 AM

I have attached the GenerateToken and VerifyAccessToken proxies; have a look.

no-target-rev1-2015-04-15.zip

cats-oauth-rev1-2015-04-15.zip


no-target-rev1-2015-04-15.zip (1.6 kB)
cats-oauth-rev1-2015-04-15.zip (1.7 kB)
0

Answer by Siddharth Barahalikar   · Apr 15, 2015 at 08:25 AM

Whoa!!...finally it is working.

The same solution was given by @mukundha@apigee.com but I somehow couldn't do it.

@sudheendra1 Thank you for providing the updated proxy.

0

Answer by Siddharth Barahalikar   · Apr 17, 2015 at 08:46 AM

Hi @sudheendra1, a simple question....now that OAuth is working for me how can I make it work for a webpage?

I have a webpage where I GET and display the data from the sandbox (BaaS). So when I added OAuth to my proxy, my webpage doesn't get data because of the OAuth conflict.

So what do I have to do? Should I go to the APIGEE console and enter an access token every time, and only then does the webpage get the data?

Comment by sudheendras ♦ · Apr 17, 2015 at 09:14 AM · 0

What do you want to accomplish?

Ideally you do everything programmatically, i.e. obtaining an access token, calling subsequent APIs with the access token, etc. You could use your preferred programming language to implement this.
