Solved: DeleteOAuthV2Info fails: "Invalid API call as no a...

Report Inappropriate Content · 11-13-2017 05:44 AM

I want to revoke an access code.

In the flow, there is 2 policies:

-"OAuthV2" - with operation VerifyAccessToken

-"DeleteOAuthV2Info"

Both operations have the same entry parameter: "request.formparam.token"

The first operation is successfull: the token is verfied and the associated product is well retrieved. The second operation fails with error: "Invalid API call as no apiproduct match found" and error.class: "com.apigee.rest.framework.security.UnAuthorizedException".

Policy Body:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<DeleteOAuthV2Info async="false" continueOnError="false" enabled="true" name="revokeToken">
    <DisplayName>revokeToken</DisplayName>
    <Properties/>
    <AccessToken ref="request.formparam.token"/>
</DeleteOAuthV2Info>

Where is the problem?

gregkuelgen

Are you simply trying to revoke an access token? You can do so using the OAuthV2 policy with the "InvalidateToken" operation.

<OAuthV2 name="InvalidateToken">
  <Operation>InvalidateToken</Operation>
  <Tokens>
    <Token type="accesstoken" cascade="true">flow.variable</Token>
  </Tokens>
</OAuthV2>

Documentation can be found here.

https://docs.apigee.com/api-services/content/validating-and-invalidating-access-tokens

View solution in original post

DChiesa

Sorry you're having trouble.

I've reproduced the problem you're experiencing.

I don't know what the problem is. I've filed a ticket on your behalf: b/69269396 .

Maybe @zzz_srichardson@apigee.com or @steve richardson or @Greg Kuelgen has some ideas.

Report Inappropriate Content

Thank you

Report Inappropriate Content

Yes even i am facing this issue for deleting access token.Though people are suggesting ti use Invalidate Token wayout, don't you think we are getting away from main concern which is "Delete policy is not working".

Please post an update on this front

Quick help will be highly appreciated. Thanks

@Anil Sagar can you plz help us on this

khanmohsin3011-

@Dino and @Anil Sagar did you find any updates on this problem statements that how do we revoke or delete access token by using Delete OAuth v2.0 policy in Apigee version 4.17.09.00

khanmohsin3011-

Just want to confirm that has this known issue resolved of "InvalidateToken" occurs when we use "DeleteOAuthInfo" policy.....?

dchiesa1

The fix has been created and applied. It is now pending deployment for Edge SaaS customers. It will be available for a patch release of OPDK, or in 18.09.

khanmohsin3011-

@Dino-at-Google I found the Apigee release note: https://docs.apigee.com/release/notes/apigee-release-notes

I'm not sure the issue fix will be released for the version 4.17.09.00 or do we need to update our OPDK version..?

dchiesa1

It will be available for a patch release of OPDK 18.01 and 18.05, but not for 17.09 .

It will also be available in 18.09.

khanmohsin3011-

Thanks, @Dino-at-Google

You mean to say we need to update our OPDK version of Apigee right..?

Also, one question arises here is if we update the version does that will affect our current PROD on-premises setup or things we will seamlessly work without disturbing our API proxy, Product and Dev_Application and developer portal too.

dchiesa1

Correct. You need to update OPDK to get this.

Regarding updates of OPDK - it will work seamlessly. All of your configuration (Proxies, products, apps, etc) will remain. In fact you can upgrade OPDK with no interruption in service. But to do that, you must upgrade according to the documented procedure. Check the docs!

khanmohsin3011-

Thanks a lot @Dino-at-Google

gregkuelgen

Are you simply trying to revoke an access token? You can do so using the OAuthV2 policy with the "InvalidateToken" operation.

<OAuthV2 name="InvalidateToken">
  <Operation>InvalidateToken</Operation>
  <Tokens>
    <Token type="accesstoken" cascade="true">flow.variable</Token>
  </Tokens>
</OAuthV2>

Documentation can be found here.

https://docs.apigee.com/api-services/content/validating-and-invalidating-access-tokens

Report Inappropriate Content

"InvalidateToken" operation corresponds to my need.

By the way, I'm not understand in which circuntances DeleteOAuthInfo should be used.

Thank you.

DeleteOAuthV2Info fails: "Invalid API call as no apiproduct match found"