I want to support both ways of passing grant_type for refresh token:
1. As a query param
2. As a form param
Is there a way to support both of this ? I see <Grant_Type> in RefreshToken Policy where I could specify where the value is coming from.
The <GrantType> accepts just variables, and I do not want to have a js policy to set some variable to refresh_token since 'grant_type' can be either form param or queryparam. If I specify static value (refresh_token) then an error is thrown "Required Param: grant_type". If I do not specify <GrantType>, then by default it expects 'grant_type' to be in 'formparams'.
Any workaround for this ?
If you want to support a grant type included as a form param or a query param then you should use a JavaScript Callout Policy that will check the request form/query param and populate a flow variable depending on which one is included in the request.
var formParam = context.getVariable("request.queryparam.grant_type"); var queryParam = context.getVariable("request.formparam.grant_type"); if(formParam){ context.setVariable("flow.grant_type", formParam); } else if (queryParam) { context.setVariable("flow.grant_type", queryParam); } else { context.setVariable("flow.grant_type", ""); }
Also include a RaiseFault policy after the JavaScript policy that raises a fault if the flow.grant_type variable is blank.
<Step> <Name>RaiseFaultGrantTypeNotIncluded</Name> <Condition>flow.grant_type == ""</Condition> </Step>
Your OAuth V2 Policy will then looks similar to the one below. Notice that it refers to the flow.grant_type variable that was created in the JavaScript callout.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <OAuthV2 async="false" continueOnError="false" enabled="true" name="OAuth-v20-1"> <DisplayName>OAuth v2.0-1</DisplayName> <Operation>RefreshAccessToken</Operation> <!-- This is in millseconds, so expire in an hour --> <ExpiresIn>3600000</ExpiresIn> <GrantType>flow.grant_type</GrantType> <GenerateResponse/> </OAuthV2>
User | Count |
---|---|
6 | |
2 | |
1 | |
1 | |
1 |