OAuth2 - Refresh token is not reaching to fault handler flow when we pass expired refresh token


The refresh token operation in the OAuth2 policy is not going to the fault flow if we pass an expired refresh token. In the following proxy, if we pass an expired refresh token value in request.formparam.refreshtoken, it returns HTTP status code 400; however, it is not reaching the fault handler flow. Instead, it continues in the regular flow and hence does not execute the fault handler policies.

<OAuthV2 async="false" continueOnError="false" enabled="true" name="OA.AccessTokenRefresh">
    <DisplayName>OA.AccessTokenRefresh</DisplayName>
    <Operation>RefreshAccessToken</Operation>
    <GrantType>request.formparam.grant_type</GrantType>
    <ExpiresIn ref="oauthv2accesstoken.GOA.GetOAuthAttributes.accesstoken.ttl">120000</ExpiresIn>
    <RefreshTokenExpiresIn ref="oauthv2accesstoken.GOA.GetOAuthAttributes.accesstoken.refreshTtl">500000</RefreshTokenExpiresIn>
    <RefreshToken>request.formparam.refreshtoken</RefreshToken>
    <GenerateResponse enabled="true"/>
</OAuthV2> 

Is this expected behavior (I assume not) or a bug? Is there any workaround for this?

2 REPLIES

@Sujnana Rai, please update your question with faultrules to better understand your issue. Ideally, it should work as expected. Keep us posted.

This can happen only if the policy has the flag continueOnError set to true.

As seen in the snapshot you have attached, this is not the case.

Please provide more information and screenshots of the Apigee Trace tool to figure out the reason behind the issue you are facing.

By default, Apigee raises a fault when a refresh token is requested with an expired refresh token, and that fault must go through the custom fault rules if defined. (Cross-checked and working.)
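
For reference, a minimal fault-handling fragment for the ProxyEndpoint that runs the OA.AccessTokenRefresh policy from the question. This is an added example, not configuration posted by anyone in the thread. The step names AM.RefreshTokenError and AM.GenericError are hypothetical policies, and the condition assumes Apigee's `oauthV2.{policy_name}.failed` fault variable with the question's policy name substituted in.

```xml
<!-- Added example: fault handling in the ProxyEndpoint that executes OA.AccessTokenRefresh -->
<ProxyEndpoint name="default">
    <FaultRules>
        <!-- Runs only when the refresh policy itself raised the fault -->
        <FaultRule name="refresh-token-fault">
            <Step>
                <!-- Hypothetical policy that builds the error response -->
                <Name>AM.RefreshTokenError</Name>
            </Step>
            <Condition>oauthV2.OA.AccessTokenRefresh.failed = true</Condition>
        </FaultRule>
    </FaultRules>
    <!-- Runs when a fault is raised and no FaultRule above matched -->
    <DefaultFaultRule name="default-fault">
        <Step>
            <!-- Hypothetical generic error policy -->
            <Name>AM.GenericError</Name>
        </Step>
    </DefaultFaultRule>
    <!-- PreFlow, Flows, HTTPProxyConnection and RouteRule are left out of this fragment -->
</ProxyEndpoint>
```

In the Trace tool, a raised fault shows the flow switching to the error flow and one of these rules executing; if neither runs, check that the rules are in the same endpoint as the policy step and that the policy's continueOnError is false.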