Solved: How can I get custom attributes from developer app...

Report Inappropriate Content · 04-19-2017 11:22 AM

I need to verify a custom attribute added to a developer app and add some functionality based on it. How can I refer to a custom attribute from a developer app in my proxy flow?

DChiesa

oauthv2.verify-oauth-v2-access-token.developer.skype_id -> (doesn't work)

That will not work.

You will need an extra step to retrieve the information associated to the developer that owns the credential, that was used to generate the token. Developer, credential, token... Lots of distinct concepts here!

The VerifyAccessToken policy will implicitly load into request context, any attributes associated to the TOKEN. These attributes can be set at token (or code) generation time. These attributes are available via variable names like:

accesstoken.{custom_attribute_name}

The VerifyAccessToken also implicitly loads into context the attributes associated to the API PRODUCT. This is automatic. These values are available via variables named as:

apiproduct.{custom_attribute_name}

There are also other attributes loaded into the request context. These include:

developer.id
developer.app.name
client_id
scope

These variables are documented here.

Now, suppose you want a different attribute associated to the developer. Not the developer ID, not the developer app name. You want the developer email, or the custom attribute (eg, skype_id) associated to the developer. To do that you need to follow the VerifyAccessToken with an AccessEntity policy. This policy is used to load attributes of *any kind* of entity. Something like this will retrieve all attributes (standard and custom) for the developer:

<AccessEntity name='AE-1'>
  <EntityType value='developer' />
  <EntityIdentifier type='consumerkey' ref='client_id' />
</AccessEntity><br>

If you wanted to retrieve custom attributes associated to the App entity, you would do this:

 <AccessEntity name='AE-1'>
  <EntityType value='app' />
  <EntityIdentifier type='consumerkey' ref='client_id' />
</AccessEntity>

And after that policy executes (the first example - the one that accesses the 'developer' entity), data something like this will be available in the request context:

<Developer>
  <Apps>
    <App>app_1C</App>
    <App>app_1D</App>
    <App>app_1E</App>
    <App>app_1A</App>
    <App>app_1B</App>
  </Apps>
  <Companies/>
  <Email>dchiesa+1001@google.com</Email>
  <DeveloperId>0LGMvbtM2UiLU8xo</DeveloperId>
  <FirstName>Dino</FirstName>
  <LastName>Chiesa1001</LastName>
  <UserName>Dino.Chiesa1001</UserName>
  <OrganizationName>cap500</OrganizationName>
  <Status>active</Status>
  <Attributes>
    <Attribute>
      <Name>created by</Name>
      <Value>nodejs createDeveloper.js</Value>
    </Attribute>
    <Attribute>
      <Name>skype_id</Name>
      <Value>ABCDEFG@skype</Value>
    </Attribute>
  </Attributes>
  <CreatedAt>1492389330113</CreatedAt>
  <CreatedBy>dchiesa@google.com</CreatedBy>
  <LastModifiedAt>1492716198373</LastModifiedAt>
  <LastModifiedBy>dchiesa@google.com</LastModifiedBy>
</Developer>

But you want ONE particular string from that. To get that you need an additional policy, ExtractVariables, configured like this:

<ExtractVariables name="Extract-DeveloperInfo">
    <Source>AccessEntity.AE-1</Source>
    <VariablePrefix>dev</VariablePrefix>
    <XMLPayload>
        <Variable name="skype_id" type="string">
            <XPath>/Developer/Attributes/Attribute[Name='skype_id']/Value/text()</XPath>
        </Variable>
    </XMLPayload>
</ExtractVariables><br>

...And after that policy executes, there will be a variable called 'dev.skype_id' that contains the skype_id value for this developer.

View solution in original post

madhans

When API key validation or OAuth token validation happens, the attributes of the developer are automatically populated. In a subsequent policy these variables are available. This includes custom attributes.

If the custom attribute is named skype_id the flow variable will be.

verifyapikey.{policy_name}.developer.skype_id

Refer to

http://docs.apigee.com/api-services/reference/verify-api-key-policy#variables-developerflowvariables

http://docs.apigee.com/api-services/content/oauthv2-policy#flowvariables-verifyaccesstokenoperation

Report Inappropriate Content

I use a OAuthV2 validation with a name like: "verify-oauth-v2-access-token", does that means that I should access the developer attributes like this?:

oauthv2.verify-oauth-v2-access-token.developer.skype_id -> (doesn't work)

What am I doing wrong?

DChiesa

oauthv2.verify-oauth-v2-access-token.developer.skype_id -> (doesn't work)

That will not work.

You will need an extra step to retrieve the information associated to the developer that owns the credential, that was used to generate the token. Developer, credential, token... Lots of distinct concepts here!

The VerifyAccessToken policy will implicitly load into request context, any attributes associated to the TOKEN. These attributes can be set at token (or code) generation time. These attributes are available via variable names like:

accesstoken.{custom_attribute_name}

The VerifyAccessToken also implicitly loads into context the attributes associated to the API PRODUCT. This is automatic. These values are available via variables named as:

apiproduct.{custom_attribute_name}

There are also other attributes loaded into the request context. These include:

developer.id
developer.app.name
client_id
scope

These variables are documented here.

Now, suppose you want a different attribute associated to the developer. Not the developer ID, not the developer app name. You want the developer email, or the custom attribute (eg, skype_id) associated to the developer. To do that you need to follow the VerifyAccessToken with an AccessEntity policy. This policy is used to load attributes of *any kind* of entity. Something like this will retrieve all attributes (standard and custom) for the developer:

<AccessEntity name='AE-1'>
  <EntityType value='developer' />
  <EntityIdentifier type='consumerkey' ref='client_id' />
</AccessEntity><br>

If you wanted to retrieve custom attributes associated to the App entity, you would do this:

 <AccessEntity name='AE-1'>
  <EntityType value='app' />
  <EntityIdentifier type='consumerkey' ref='client_id' />
</AccessEntity>

And after that policy executes (the first example - the one that accesses the 'developer' entity), data something like this will be available in the request context:

<Developer>
  <Apps>
    <App>app_1C</App>
    <App>app_1D</App>
    <App>app_1E</App>
    <App>app_1A</App>
    <App>app_1B</App>
  </Apps>
  <Companies/>
  <Email>dchiesa+1001@google.com</Email>
  <DeveloperId>0LGMvbtM2UiLU8xo</DeveloperId>
  <FirstName>Dino</FirstName>
  <LastName>Chiesa1001</LastName>
  <UserName>Dino.Chiesa1001</UserName>
  <OrganizationName>cap500</OrganizationName>
  <Status>active</Status>
  <Attributes>
    <Attribute>
      <Name>created by</Name>
      <Value>nodejs createDeveloper.js</Value>
    </Attribute>
    <Attribute>
      <Name>skype_id</Name>
      <Value>ABCDEFG@skype</Value>
    </Attribute>
  </Attributes>
  <CreatedAt>1492389330113</CreatedAt>
  <CreatedBy>dchiesa@google.com</CreatedBy>
  <LastModifiedAt>1492716198373</LastModifiedAt>
  <LastModifiedBy>dchiesa@google.com</LastModifiedBy>
</Developer>

But you want ONE particular string from that. To get that you need an additional policy, ExtractVariables, configured like this:

<ExtractVariables name="Extract-DeveloperInfo">
    <Source>AccessEntity.AE-1</Source>
    <VariablePrefix>dev</VariablePrefix>
    <XMLPayload>
        <Variable name="skype_id" type="string">
            <XPath>/Developer/Attributes/Attribute[Name='skype_id']/Value/text()</XPath>
        </Variable>
    </XMLPayload>
</ExtractVariables><br>

...And after that policy executes, there will be a variable called 'dev.skype_id' that contains the skype_id value for this developer.

Report Inappropriate Content

Now it makes a whole lot more sense. Thanks for going this level of detail. I'm currently facing an issue while trying to follow your guidance.

I created a new AccessEntity just after the Verify OAuth v2.0 Access Token. I gave it the name "Access-DeveloperInfo", then I added an ExtractVariables policy after it, where I specify the source as :

<Source>Access-DeveloperInfo</Source>

But when I run the flow I'm seeing the following error:

{
  "fault": {
    "faultstring": "Access-DeveloperInfo message is not available for ExtractVariable: Extract-DeveloperInfo",
    "detail": {
      "errorcode": "steps.extractvariables.SourceMessageNotAvailable"
    }
  }
}

In the trace I see that the AccessEntity executed with no errors an it did read the client_id variable. Do you have any idea what may be missing?

Report Inappropriate Content

I noticed I missed the "AccessEntity" prefix at source declaration, should be like:

<Source>AccessEntity.Access-DeveloperInfo</Source>

But even after fixing that I kept having same exact error.

Then I tried changing EntityType to app, since the attribute I'm trying to get is actually from developer app. So I guess that's why it didn't work in my case after all. Then I had to modify a little bit the xpath, and now its working fine.

Thanks for the guidance. It was very helpful!

Report Inappropriate Content

@Dino

Same concept is mentioned in the AccessEntity policy docs,and even I am trying to implement the same :

My AccessEntity policy looks like this :

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AccessEntity name="GetDeveloperProfile">
    <DisplayName>GetDeveloperProfile</DisplayName>
    <EntityType value="developer"/>
    <EntityIdentifier ref="request.queryparam.apikey" type="consumerkey"/>
</AccessEntity>

And just after this policy I have added ExtractVariable policy which looks like this :

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ExtractVariables async="false" continueOnError="false" enabled="true" name="Extract-Variables-1">
    <DisplayName>Extract Variables-1</DisplayName>
    <Source>AccessEntity.GetDeveloperProfile</Source>
    <VariablePrefix>developer</VariablePrefix>
    <XMLPayload>
        <Variable name="rolevariable" type="string">
            <XPath>/Developer/Attributes/Attribute[Name='role']/Value/text()</XPath>
        </Variable>
    </XMLPayload>
</ExtractVariables>

While testing the policy, I am sending the consumer key in the query parameter and in the trace window I can see that Developer profile is getting extracted in the form of XML after AccessEntity policy gets executed, but then ExtractVariable policy is not able to extract the value of 'role' in the rolevariable.

There is nothing coming in the rolevariable.

I don't know what can be the reason behind it. Can you help ?

DChiesa

I can try to help if you ask a new question. Please don't post new questions as comments to 1-year old answers.

farhanshirgill

Thanks @Dino. This works great with the only exception that if the custom attribute isn't found, the extract variables policy for the custom attr variable will fail. In case of a single proxy operation being accessed by multiple consumers(multiple dev apps), and if I have only set the custom attribute on a specific consumer, the operation execution fails for other consumers. The continueOnError = true will fix this indeed, but is there any other way?

sreenivas_sp

hi There,

Good day.

verifyapikey.{policy_name_for_verify_api_key}.client_id: for consumer key

verifyapikey.{policy_name_for_verify_api_key}.client_secret : for consumer secret.
with this attribute from the developer app I was able to extract the Consumer key, and secret respectively.

for custom attributes defined at developer app level I was able to extract it via :

verifyapikey.{policy_name_for_verify_api_key}.custom_attribute_name in the developer app.

please let me know if any more details are needed around this.

Thank you,

Regards,

Sreenivas S P

sreenivas_sp

@Jacobo Villarreal

please use this along with verify api key , and the mentioned way , it must work.

Regards,

Sreenivas S P

nirmallamrin2k1

how to access custom attribute in product and developer level

venkat85cloud

Hello Srinivas,

I am trying to extract the custom attribute( IP range in CIDR) from the Apps page. Can i directly extract variable in to JS ?

soujanyaedunuri

You can access developer app variables in the subsequent policies using {app.<<custom_attribute_name>>}. Do not provide any prefix while accessing these variables.

In similar way, if you have custom attributes at developer level, you can access in proxy flows using {developer.<<custom_attribute_name>>}.

List of varaibles available at OAuth-VerifyAccessToken-Variables.

We have used apigee on prem 4.17.05 version. In this version, we don't require access entity, extract policies to fetch developer app or developer custom attributes.

gregkuelgen

As of now you can actually get direct access to custom attributes on the developer record when using the OAuthV2 policy to verify the access tokens. The attributes are automatically populated as a flow variable by the OAuthV2 policy using the format:

developer.{customattributename}

For example if you have a custom attribute defined for a developer with an attribute name of "customattribute1" you can directly access the value in your proxies by using the flow variable below:

developer.customattribute1

You can find more information in the docs.

How can I get custom attributes from developer app in proxy flow?