This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

External Authorization OAuth Client_id not customisable

Posted on 07-04-2017 02:46 AM
pallavi_mishra
New Member
Reply posted on --/--/---- --:-- AM

Hi,

I am trying to implement Oauth Policy with External Authorization

Following is my OAuth Policy for Generating the access code

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 async="false" continueOnError="false" enabled="true" name="ExternalToken">
    <ClientId>request.queryparam.client_id</ClientId>
    <ExternalAccessToken>temp.token</ExternalAccessToken>
    <ExternalAuthorization>true</ExternalAuthorization>
    <GrantType>temp.grant_type</GrantType>
    <Operation>GenerateAccessToken</Operation>
    <GenerateResponse enabled="true"/>
    <StoreToken>true</StoreToken>
    <SupportedGrantTypes>
        <GrantType>client_credentials</GrantType>
    </SupportedGrantTypes>
</OAuthV2>

While ByDefault Client_Id is expected to be part of Form Params, but i wish to pass it via queryparam or some other way other than Form Params.

So i tried adding the Tag

<ClientId>request.queryparam.client_id</ClientId>

But this doesnot seem to work , since when i do the call i get invalid_client Client Identifier required error.

But when i pass it in Body as www-url-encoded parameter it works fine

Can someone please help.Can we not change or alter this behaviour

Solved Solved
0 5 659
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
willwitman
Staff
Reply posted on --/--/---- --:-- AM

Hi @Pallavi Mishra -- As you noticed, the docs specify that Edge expects the client id to be in a form parameter. The words "by default" may be confusing, as I am also not able to get it to work with a query parameter and the <ClientId> set in the policy. It could be the doc should be more clear in stating the client ID must be passed in a form parameter. I'll investigate to make sure the docs are updated correctly (if that's in fact the case and its not a bug).

In the meantime, I was able to manually set the client_id in a form parameter using a value sent in a query parameter using an AssignMessage policy. This trick worked for me. Put the policy anywhere before your OAuthV2 policy executes. Hope this helps. 

<AssignMessage async="false" continueOnError="false" enabled="true" name="SetParam">
    <DisplayName>SetParam</DisplayName>
    <Properties/>
    <Set>
        <FormParams>
            <FormParam name="client_id">{request.queryparam.client_id}</FormParam>
        </FormParams>
    </Set>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>

View solution in original post

Jump to Solution
0 Likes
5 REPLIES 5

Posted on --/--/---- --:-- AM
willwitman
Staff
Reply posted on --/--/---- --:-- AM

Hi @Pallavi Mishra -- As you noticed, the docs specify that Edge expects the client id to be in a form parameter. The words "by default" may be confusing, as I am also not able to get it to work with a query parameter and the <ClientId> set in the policy. It could be the doc should be more clear in stating the client ID must be passed in a form parameter. I'll investigate to make sure the docs are updated correctly (if that's in fact the case and its not a bug).

In the meantime, I was able to manually set the client_id in a form parameter using a value sent in a query parameter using an AssignMessage policy. This trick worked for me. Put the policy anywhere before your OAuthV2 policy executes. Hope this helps. 

<AssignMessage async="false" continueOnError="false" enabled="true" name="SetParam">
    <DisplayName>SetParam</DisplayName>
    <Properties/>
    <Set>
        <FormParams>
            <FormParam name="client_id">{request.queryparam.client_id}</FormParam>
        </FormParams>
    </Set>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>
Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
pallavi_mishra
New Member
In response to willwitman
Reply posted on --/--/---- --:-- AM

Hi,

Yes I was already using this workaround, but since as you mentioned in the documentation it shows like By default, hence causing this confusion.

Regards,

Pallavi

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
pallavi_mishra
New Member
In response to willwitman
Reply posted on --/--/---- --:-- AM

Hi

Let me know if this indeed is a bug or a doxumentation Fix.

Regards,

Pallavi

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
willwitman
Staff
In response to pallavi_mishra
Reply posted on --/--/---- --:-- AM

Hi @Pallavi Mishra,

I will let you know -- I filed a product issue after our initial thread and am waiting to hear back.

Best regards,

Will

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
daniel_biales
New Member
In response to pallavi_mishra
Reply posted on --/--/---- --:-- AM

This seems to be a bug

Jump to Solution
0 Likes