This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

How to get all the scopes of a developer app?

Posted on 02-06-2017 10:16 PM
Not applicable
Reply posted on --/--/---- --:-- AM

I have a developer app "app1" which has access to two API products "product1" and "product2". The scopes of product1 are a,b,c and scopes of product2 are d,e,f. How can I get the combined scopes as a,b,c,d,e,f in the flow using Access Entity policy?

Solved Solved
0 6 1,023
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
anilsr
Staff
Reply posted on --/--/---- --:-- AM

@bibin_kurian

When you access the APP Details using Access Entity Policy like below,

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AccessEntity async="false" continueOnError="false" enabled="true" name="getAppDetails">
    <DisplayName>Access Entity-1</DisplayName>
    <Properties/>
    <EntityIdentifier ref="request.queryparam.apikey" type="consumerkey"/>
    <EntityType value="app"/>
</AccessEntity>

And a JS Policy to see the results,

 print(context.getVariable("AccessEntity.getAppDetails"));

You generally see the scopes as empty. Reason behind it is you can actually assign scopes to an App too. Note that the Edge management UI / Developer Portal does not let you specify app-specific scopes. It is only possible if you use the API to create an app. You can specify the scope for an Developer App using the Create Developer APP API.

If you would like to access the scopes attached to API Products associated with App,

Its simple, just generate an access token without any scope defined. In this case, Edge generates a token that includes all of the scopes recognized by the developer app.

If you would like to selectively access scopes of API Products that are part of an App, You need to follow few steps.

  • Get App Details using Access Entity, Just like above.
  • Extract API Products from above response using JS / Extract Variables Policy.
  • Use API Product information in Access Entity Policy in a different policy to extract scopes.
  • Combine the scopes.

Hope it helps.

View solution in original post

Jump to Solution
0 Likes
6 REPLIES 6

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

I had the some requirement and failed to find the answer.

hope anyone who can help on this.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
anilsr
Staff
In response to
Reply posted on --/--/---- --:-- AM

@bing wang , Welcome to Apigee Community. Just FYI, Please use comments for discussion. Answers are strictly for answers. Thank you in advance.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
anilsr
Staff
Reply posted on --/--/---- --:-- AM

@bibin_kurian

When you access the APP Details using Access Entity Policy like below,

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AccessEntity async="false" continueOnError="false" enabled="true" name="getAppDetails">
    <DisplayName>Access Entity-1</DisplayName>
    <Properties/>
    <EntityIdentifier ref="request.queryparam.apikey" type="consumerkey"/>
    <EntityType value="app"/>
</AccessEntity>

And a JS Policy to see the results,

 print(context.getVariable("AccessEntity.getAppDetails"));

You generally see the scopes as empty. Reason behind it is you can actually assign scopes to an App too. Note that the Edge management UI / Developer Portal does not let you specify app-specific scopes. It is only possible if you use the API to create an app. You can specify the scope for an Developer App using the Create Developer APP API.

If you would like to access the scopes attached to API Products associated with App,

Its simple, just generate an access token without any scope defined. In this case, Edge generates a token that includes all of the scopes recognized by the developer app.

If you would like to selectively access scopes of API Products that are part of an App, You need to follow few steps.

  • Get App Details using Access Entity, Just like above.
  • Extract API Products from above response using JS / Extract Variables Policy.
  • Use API Product information in Access Entity Policy in a different policy to extract scopes.
  • Combine the scopes.

Hope it helps.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to anilsr
Reply posted on --/--/---- --:-- AM

Thanks Anil!! It looks like it’s important to add empty scope element (<Scope/>) in the generate accesstoken policy because if the HTTP method is POST and the request contains scope then the accesstoken scope will be the scope in the request body because Edge default scope reference is request.formparam.scope.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to anilsr
Reply posted on --/--/---- --:-- AM

Very useful info. Thanks, @Anil Sagar

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
anilsr
Staff
In response to
Reply posted on --/--/---- --:-- AM

Anytime @Travis Spencer , Keep us posted moving forward if any.

Jump to Solution
0 Likes