Refresh Token grant type input options


I want to support both ways of passing grant_type for refresh token:
1. As a query param
2. As a form param
Is there a way to support both of these? I see <Grant_Type> in RefreshToken Policy where I could specify where the value is coming from.

The <GrantType> accepts just variables, and I do not want to have a js policy to set some variable to refresh_token since 'grant_type' can be either form param or queryparam. If I specify a static value (refresh_token) then an error is thrown "Required Param: grant_type". If I do not specify <GrantType>, then by default it expects 'grant_type' to be in 'formparams'.

Any workaround for this?


@Hanumant Jagtap

If you want to support a grant type included as a form param or a query param then you should use a JavaScript Callout Policy that will check the request form/query param and populate a flow variable depending on which one is included in the request.

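// Read grant_type from both places it may be supplied.
var formParam = context.getVariable("request.formparam.grant_type");
var queryParam = context.getVariable("request.queryparam.grant_type");
if (formParam) {
    // Form parameter is present: use it.
    context.setVariable("flow.grant_type", formParam);
} else if (queryParam) {
    // Otherwise fall back to the query parameter.
    context.setVariable("flow.grant_type", queryParam);
} else {
    // Neither supplied: leave blank so the RaiseFault condition can catch it.
    context.setVariable("flow.grant_type", "");
}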

Also include a RaiseFault policy after the JavaScript policy that raises a fault if the flow.grant_type variable is blank.

 <Step>
       <Name>RaiseFaultGrantTypeNotIncluded</Name>
       <Condition>flow.grant_type == ""</Condition>
 </Step>

Your OAuth V2 Policy will then look similar to the one below. Notice that it refers to the flow.grant_type variable that was created in the JavaScript callout.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 async="false" continueOnError="false" enabled="true" name="OAuth-v20-1">
    <DisplayName>OAuth v2.0-1</DisplayName>
    <Operation>RefreshAccessToken</Operation>
    <!-- This is in milliseconds, so expire in an hour -->
    <ExpiresIn>3600000</ExpiresIn>
    <GrantType>flow.grant_type</GrantType>
    <GenerateResponse/>
</OAuthV2>
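
A stricter variant of the callout above, as an added example that is not part of the original answer: it blanks flow.grant_type when the form and query values disagree or when the value is anything other than refresh_token, so the existing RaiseFault condition still fires. The names resolveGrantType, fakeContext and flow.grant_type_error are assumptions made for this example; fakeContext is a constructed stand-in for the Apigee context object so the code runs offline.

```javascript
// Added example (ES5 style, as used in Apigee JavaScript callouts).
// resolveGrantType, fakeContext and flow.grant_type_error are hypothetical names.
var ALLOWED_GRANT_TYPES = ["refresh_token"];

function resolveGrantType(ctx) {
    var form = ctx.getVariable("request.formparam.grant_type");
    var query = ctx.getVariable("request.queryparam.grant_type");
    var result = { grantType: "", error: "" };

    if (form && query && String(form) !== String(query)) {
        // Both locations supplied with different values: refuse to guess.
        result.error = "conflicting_grant_type";
    } else if (!form && !query) {
        result.error = "missing_grant_type";
    } else {
        // Form value wins when both are present and equal.
        var value = String(form || query);
        if (ALLOWED_GRANT_TYPES.indexOf(value) === -1) {
            // This policy only performs RefreshAccessToken.
            result.error = "unsupported_grant_type";
        } else {
            result.grantType = value;
        }
    }
    // A blank flow.grant_type keeps the RaiseFault condition working unchanged.
    ctx.setVariable("flow.grant_type", result.grantType);
    ctx.setVariable("flow.grant_type_error", result.error);
    return result;
}

// Constructed stand-in for the Apigee context object, for running offline.
function fakeContext(vars) {
    return {
        vars: vars,
        getVariable: function (name) { return name in vars ? vars[name] : null; },
        setVariable: function (name, value) { vars[name] = value; }
    };
}

// Inside the proxy the real context object exists, so the callout runs here.
if (typeof context !== "undefined") {
    resolveGrantType(context);
}
```

The flow.grant_type_error variable can be referenced in the RaiseFault payload to tell the client which of the three cases was hit.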