Solved: Extract app name from AccessEntity

Nitesh_Shrestha · 09-16-2016 07:28 AM

Hi,

I am using AccessEntity policy to get developer app name from client_id. Here is the trace that I get after using following policy:

<AccessEntity async="false" continueOnError="false" enabled="true" name="GetDevAppProfile">
    <DisplayName>GetDevAppProfile</DisplayName>
    <EntityType value="app"/>
    <EntityIdentifier ref="request.queryparam.client_id" type="consumerkey"/>
</AccessEntity>

AccessEntity.ChildNodes.GetDevAppProfile.App	<?xml version="1.0" encoding="UTF-8"?><App name="Developer App Test1"><AccessType/><ApiProducts/>

How to extract the value of App name, i.e. 'Developer App Test1'.

Same value appeared in

AccessEntity.ChildNodes.GetDevAppProfile.App.Attributes.Attribute.1.Value

as well and trying to get this one as below does not work

<ExtractVariables name="SetDevAppProfile">
    <Source>AccessEntity.GetDevAppProfile</Source>
    <VariablePrefix>devapp</VariablePrefix>
    <XMLPayload>
        <Variable name="name" type="string">
            <!-- You parse elements from the developer profile using XPath. -->
            <XPath>/App/Attributes/Attribute/1/Value</XPath>
        </Variable>
    </XMLPayload>
</ExtractVariables>

Thanks,

ssvaidyanathan

Hi @NiteshShrestha

Try this Xpath in your Extract Variable policy

/App/Attributes/Attribute[Name='DisplayName']/Value/text()

You can test your xpath using some online tools too so that you don't have to deploy and test everytime. I use this link to test my Xpath. Just paste the XML from the trace and then use the XPath to see the values. The same can be put in your policy once you know what you need to extract.

On the other hand - if you are using VerifyAPIkey policy, you do not need to extract the display name like this, it will automatically populate a variable for you. The variable is verifyapikey.{policyName}.DisplayName. You can see it in your trace when you click the VerifyApiPolicy icon. You can directly use this variable in your proxy code.

There are other variables too that get auto-populated when you run the VerifyAPIKey policy successfully. More details here

View solution in original post

ssvaidyanathan

Hi @NiteshShrestha

Try this Xpath in your Extract Variable policy

/App/Attributes/Attribute[Name='DisplayName']/Value/text()

You can test your xpath using some online tools too so that you don't have to deploy and test everytime. I use this link to test my Xpath. Just paste the XML from the trace and then use the XPath to see the values. The same can be put in your policy once you know what you need to extract.

On the other hand - if you are using VerifyAPIkey policy, you do not need to extract the display name like this, it will automatically populate a variable for you. The variable is verifyapikey.{policyName}.DisplayName. You can see it in your trace when you click the VerifyApiPolicy icon. You can directly use this variable in your proxy code.

There are other variables too that get auto-populated when you run the VerifyAPIKey policy successfully. More details here

ssvaidyanathan

@docs

I see verifyapikey.{policyName}.DisplayName is not documented in the flow variables here. Can we get it fixed ?

willwitman

@Sai Saran Vaidyanathan

I added it. Thanks.

ssvaidyanathan

Thanks @wwitman

Nitesh_Shrestha

Thanks @Sai Saran Vaidyanathan

Yeah, its simple xpath thing to get attribute. I got it as below:

//App/@name

I am not using VerifyAPIkey for this, as I do not want to force the product(s) to have this proxy. This is just to know Dev profile who ever passes client_id.

And I realized that, we can use flow variable directly in our assignment without having extract policy.

AccessEntity.ChildNodes.GetDevAppProfile.App.Attributes.Attribute.1.Value

Thanks,

ssvaidyanathan

Glad it worked. Yes, you can do that as well.

SamadhanGudekar

Hi, can you help with how to get App name when no verify API policy used but instead JWT (verify JWT) is used?

dchiesa1

You cannot. The VerifyJWT policy just verifies a JWT. That JWT might be issued by any party, and the policy does not assume that there is a field in the JWT that relates to a client ID, or a registered Apigee API Product or App.

The way you would do it is take 2 steps: first verifyJWT, and if that passes, then use VerifyAPIKey to verify the clientID that is passed in some field of the payload of the JWT. This gives you App credential verification, API Product resolution, all the goodness that comes with that. and of course you can then retrieve the App name and so on. There is an additional requirement to make this happen: the payload of the JWT must have a field that contains a valid Apigee client ID. The field itself can have any name, but it must contain a "consumer key" or "client ID" that is known to Apigee.

How do you insure that the payload of a JWT issued by a third-party contains a clientID that is knnown to Apigee? You need to synchronize the clientIDs. For example if you use Okta as your IdP and JWT issuing party, Okta has a clientID field. When you provision the app in Okta, you'll get that client ID. You need to import that client into Apigee , as a new credential. That "import a pre-existing API key" is not accessible through the Apigee UI, at this time. In Apigee X or hybrid, you would use this Apigee API to do the import.

Helpful?