Get OAuthV2 Info


I'm using Apigee with a PingFederate IdP and using Ping to generate external OpenID Connect ID tokens and OAuth2 access and refresh tokens. I'm trying to use the Get OAuth V2 Info policy to get attributes of the refresh token in a refresh_token flow I'm proxying, but the Get OAuth V2 Info policy is telling me that the refresh token is invalid.

If I use the refresh token to call PingFederate's token refresh endpoint, I'm able to successfully get a new access token and refresh token, so I suspect there's some complication related to using an external token provider. I'd love to find pointers to what's going on or even talk to someone familiar with this. I suspect I need to do something special because I'm using an external token provider and this token was provided by it, but I haven't found anything yet to indicate how to handle this.


Hi @Jack Hart,

Yes, you need to do some configuration and change your OAuth v2 policy to incorporate usage of external/third-party tokens.

Please refer to the docs below for usage of external tokens and how to configure them in the OAuth policy.

http://docs.apigee.com/api-services/content/use-third-party-oauth-system

Cheers!

I've been looking at that link, and I'm in compliance with it, I think. There are a few other articles about 3rd party or external tokens, but for some reason none of that has resolved it. I am seeing all the pieces of this: I have the new access and refresh tokens and the old refresh token all in variables, but when I try to run the <StoreToken> policy, it gives me one of several errors, usually that my refresh_token is invalid.


Here's the OAuth v2 policy stuff. I tried putting <GrantType> in too, but it didn't resolve it either:


<OAuthV2 async="false" continueOnError="false" enabled="true" name="OAuth-v20-Refresh">
    <DisplayName>OAuth v2.0-Refresh</DisplayName>
    <Properties/>
    <Attributes/>
    <ExternalAuthorization>true</ExternalAuthorization>
    <ExternalAccessToken>new_access_token</ExternalAccessToken>
    <ExternalRefreshToken>new_refresh_token</ExternalRefreshToken>
    <RefreshToken>old_refresh_token</RefreshToken>
    <Operation>RefreshAccessToken</Operation>
    <StoreToken>true</StoreToken>
    <ExpiresIn ref="expiresInMillis">3600000</ExpiresIn>
    <ReuseRefreshToken>false</ReuseRefreshToken>
    <GenerateResponse enabled="true"/>
    <!-- GenerateErrorResponse enabled="true"/ -->
    <Tokens/>
</OAuthV2>

I set "oauth_external_authorization_status" to true etc.


This article is pretty good, but I'm already getting the initial tokens; it's the refresh flow that I'm having trouble with.

https://community.apigee.com/questions/32116/interfacing-apigee-with-external-identity-provider.html