How can you fetch stored Refresh token, Client ID and client secret for generating external token?

Hi,

My use case is that I have to integrate APIGEE with external authorization. The client will be redirected to the external IDP. It will provide client id, client secret, username and password. In response, the IDP (on success) will redirect to Apigee with access_token and refresh_token. Now I'm using the OAuth policy to get an Apigee token. There it needs client_id as well. (Is there a way I can get the registered consumer_key or client id which was registered with APIGEE?) I couldn't find a way. What I did is that I took the client_id and client_secret of the external IDP and imported them in Apigee (so that both will use the same client id) and changed the IDP response to return client_id as well along with the token (so that I can pass that client_id to the OAuth policy).

Now the OAuth policy generated the token. In another proxy, I verified that token. But if the token is expired, I have to call the external IDP to generate a new token. For that call, I would need refresh_token, client_id, client_secret and access_token (this I will get from the request). How can I get the other three parameters, which are stored somewhere in Edge?


Hi @hughespoc - When a developer registers for a developer app in Edge, she is given the client ID and secret, which would typically be stored on and used by the client. When the client gets the "expired token" error, it should be able to request a new token using the refresh token that it has. Your proxy would have to send that token to the external IDP and run through the same flow where the returned tokens are added to Edge as "external tokens".

If you for some reason want to store the tokens in Edge, maybe use the key-value map policy. When a token is generated, a set of flow variables are set in the flow enabling you to grab/store them. To do this, set GenerateResponse to false in your OAuthV2 policy. If a token is not expired, you can also use the GetOAuthV2Info policy to get the token metadata.

Hope this helps -- If I've misunderstood your use case, please provide additional details and/or code that will help someone suggest a solution.
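A sketch of the configuration the reply describes, added here as an example and not part of the original thread or of any Apigee sample: an OAuthV2 policy that imports the external tokens with GenerateResponse disabled, followed by a KeyValueMapOperations policy that stores the refresh token from the resulting flow variables. The policy names, the map name `external-idp-tokens`, and the input variables `idp.access_token` and `idp.refresh_token` are assumptions; the map is assumed to have been created as an encrypted KVM, since it holds refresh tokens.

```xml
<!-- Policy 1 (hypothetical name): import the IDP's tokens as external tokens.
     idp.access_token / idp.refresh_token are assumed flow variables that an
     earlier step filled from the IDP response. -->
<OAuthV2 name="OA-ImportExternalToken">
  <Operation>GenerateAccessToken</Operation>
  <ExternalAuthorization>true</ExternalAuthorization>
  <ExternalAccessToken>idp.access_token</ExternalAccessToken>
  <ExternalRefreshToken>idp.refresh_token</ExternalRefreshToken>
  <StoreToken>true</StoreToken>
  <SupportedGrantTypes>
    <GrantType>password</GrantType>
  </SupportedGrantTypes>
  <!-- No response is built here, so the flow continues and the
       oauthv2accesstoken.OA-ImportExternalToken.* variables can be read
       by the next policy. -->
  <GenerateResponse enabled="false"/>
</OAuthV2>

<!-- Policy 2 (hypothetical name): keep the refresh token in a KVM, keyed by
     the access token the client will later present. The map name is an
     assumption; create it as encrypted so values are not readable in the
     management UI or API. -->
<KeyValueMapOperations name="KVM-StoreRefreshToken" mapIdentifier="external-idp-tokens">
  <Scope>environment</Scope>
  <Put override="true">
    <Key>
      <Parameter ref="oauthv2accesstoken.OA-ImportExternalToken.access_token"/>
    </Key>
    <Value ref="oauthv2accesstoken.OA-ImportExternalToken.refresh_token"/>
  </Put>
</KeyValueMapOperations>
```

When the value is read back with a `<Get>` from an encrypted map, assign it to a variable whose name starts with `private.` so it is masked in trace sessions.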