In an OAuthV2 policy with InvalidateToken, can the cascade param reference a flow variable?

ccovney
Participant V

I created an endpoint in apigee edge, /oauth/revoke, that exposes [access/refresh] token revocation functionality.

My issue is that I need to be able to allow the client to dynamically set the cascade value for the revocation. My attempt at having the cascade reference a flow variable seems to have failed. Is it possible for the cascade param to reference a flow variable? Here is my policy code:

<OAuthV2 name="revoke-token">
    <DisplayName>revoke-token</DisplayName>
    <FaultRules/>
    <Properties/>
    <Attributes/>
    <ExternalAuthorization>false</ExternalAuthorization>
    <Operation>InvalidateToken</Operation>
    <SupportedGrantTypes/>
    <GenerateResponse enabled="true"/>
    <Tokens>
    	<Token type="accesstoken" cascade="{flow.variable}">request.formparam.token</Token>
  	</Tokens>
</OAuthV2>

You'll notice in the <Token> element, there is the cascade attribute, which I am attempting to set equal to a flow variable, such that the request can dynamically set the cascade value. So far as I can tell, this is not working. Any help or insight would be very much appreciated!

Chris

Solved Solved
2 2 340
1 ACCEPTED SOLUTION

I don think, you could pass a reference to the cascade attribute,

One way that comes to mind immediately is,

Create 2 Invalidate policies - one with cascade=true and one with cascade=false, and conditionally execute these policies based on the client request,

por ejemplo,

<Step>
  <Condition>request.queryparam.cascade = "true"</Condition>
  <Name>InvalidateTokenWithCascade</Name>
</Step>
<Step>
  <Condition>request.queryparam.cascade is null or request.queryparam.cascade = "false"</Condition>
  <Name>InvalidateTokenWithoutCascade</Name>
</Step>


Please refer to Condition reference for more info on how to use conditions

http://apigee.com/docs/api-services/reference/conditions-reference

View solution in original post

2 REPLIES 2

I don think, you could pass a reference to the cascade attribute,

One way that comes to mind immediately is,

Create 2 Invalidate policies - one with cascade=true and one with cascade=false, and conditionally execute these policies based on the client request,

por ejemplo,

<Step>
  <Condition>request.queryparam.cascade = "true"</Condition>
  <Name>InvalidateTokenWithCascade</Name>
</Step>
<Step>
  <Condition>request.queryparam.cascade is null or request.queryparam.cascade = "false"</Condition>
  <Name>InvalidateTokenWithoutCascade</Name>
</Step>


Please refer to Condition reference for more info on how to use conditions

http://apigee.com/docs/api-services/reference/conditions-reference

Mukundha,

That's a great idea. I will implement this. Thanks for the help!

Chris