This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

How do I use an external access token in Apigee?

Posted on 06-23-2017 01:19 AM
Not applicable
Reply posted on --/--/---- --:-- AM

I'm trying to use an external access token in Apigee, but I get the following error code:

{"ErrorCode" : "invalid_client", "Error" :"Client identifier is required"}

I already have an APIkey verification policy in the flow. Should I do anything more to let the oauth policy know the client identifier?

This is my OAuth2 generate token xml:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 async="false" continueOnError="false" enabled="true" name="generate-access-token">
    <DisplayName>OAuth v2.0: Generate Token</DisplayName>
    <Properties/>
    <Attributes>
        <Attribute name="scope" ref="scope"/>
        <Attribute name="id_token" ref="id_token"/>
    </Attributes>
    <ExternalAuthorization>true</ExternalAuthorization>
    <ExternalAccessToken>access_token</ExternalAccessToken>
    <Operation>GenerateAccessToken</Operation>
    <SupportedGrantTypes>
        <GrantType>password</GrantType>
        <GrantType>authorization_code</GrantType>
        <!--<GrantType>refresh_token</GrantType>-->
    </SupportedGrantTypes>
    <GenerateResponse enabled="true"/>
    <Tokens/>
    <Tokens/>
</OAuthV2>

APIkey verification:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<VerifyAPIKey async="false" continueOnError="false" enabled="true" name="verify-api-key">
    <DisplayName>verify api key</DisplayName>
    <Properties/>
    <APIKey ref="request.header.apikey"/>
</VerifyAPIKey>
0 2 941
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
ssvaidyanathan
Staff
Reply posted on --/--/---- --:-- AM

Hi @Friso Denijs

Please follow the steps provided here. You need to provide the client info and the grant_type in the request (qp or form param).

You can provide the info using AssignMessage policy

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage name="set-external-auth-status">
    <DisplayName>set-external-auth-status</DisplayName>
    <AssignTo createNew="true" type="request">request</AssignTo>
    <Set>
        <FormParams>
            <FormParam name="client_id">{request.header.apikey}</FormParam>
            <FormParam name="grant_type">{request.queryparam.grant_type}</FormParam>
        </FormParams>
    </Set>
    <AssignVariable>
        <Name>oauth_external_authorization_status</Name>
        <Value>true</Value>
    </AssignVariable>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</AssignMessage>
0 Likes

Posted on --/--/---- --:-- AM
willwitman
Staff
Reply posted on --/--/---- --:-- AM

Hi @Friso Denijs - Were you able to get the external token to work by following the doc Sai recommended?

0 Likes