This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Easy Way to Access Auth Bearer Token in Header

Posted on 01-24-2017 10:12 AM
williamking
New Member
Reply posted on --/--/---- --:-- AM

I want to use the Get OAuth Info policy to retrieve info for the token provided in the request header as "Authorization: Bearer {token}".

The only way I know to accomplish this is to first copy the token to another portion of the request or a custom context variable via a Javascript policy. This is a little frustrating because the regular OAuth policy will pick up the bearer token without any extra effort.

Can the "get oauth info" policy not do the same? Is there a syntax I'm missing? Something like the below (which doesn't work of course):

<AccessToken ref="request.header.Authorization:Bearer"/>
Solved Solved
0 5 5,617
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
hanselm
Staff
Reply posted on --/--/---- --:-- AM

You could use an ExtractVariables policy before the GetOauthV2Info policy:

<ExtractVariables>
   <Headername="Authorization">
      <PatternignoreCase="false">Bearer {oauthtoken}</Pattern>
    </Header>
</ExtractVariables>

Then use the extracted variable (oauthtoken) as a reference, like so:

<GetOAuthV2Info>
  <AccessToken ref="oauthtoken"/>
</GetOAuthV2Info>

View solution in original post

Jump to Solution
5 REPLIES 5

Posted on --/--/---- --:-- AM
hanselm
Staff
Reply posted on --/--/---- --:-- AM

You could use an ExtractVariables policy before the GetOauthV2Info policy:

<ExtractVariables>
   <Headername="Authorization">
      <PatternignoreCase="false">Bearer {oauthtoken}</Pattern>
    </Header>
</ExtractVariables>

Then use the extracted variable (oauthtoken) as a reference, like so:

<GetOAuthV2Info>
  <AccessToken ref="oauthtoken"/>
</GetOAuthV2Info>
Jump to Solution

Posted on --/--/---- --:-- AM
williamking
New Member
In response to hanselm
Reply posted on --/--/---- --:-- AM

That does look like a pretty clean way to do it. But still, I'm wondering if it's possible without the extra policy.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
masood
New Member
In response to hanselm
Reply posted on --/--/---- --:-- AM

Putting it properly; there were a few spaces missing in the above: 

<ExtractVariables>
   <Header name="Authorization">
      <Pattern ignoreCase="false">Bearer {oauthtoken}</Pattern>
    </Header>
</ExtractVariables>
Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
sharathyeramall
New Member
In response to hanselm
Reply posted on --/--/---- --:-- AM

If i wanted to get this access token in java script how would i pull it,was that request.getVariable("oauthtoken") ?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to sharathyeramall
Reply posted on --/--/---- --:-- AM

After the given ExtractVariables policy, you would use something like this code in JavaScript: 

var token = context.getVariable('oauthtoken');
Jump to Solution
0 Likes