Get OAuth attribute and pass to target

Not applicable

I am trying to get an attribute from my access token, for example the application or username and then pass it to the target service either in the query string or as a header. This way the target service knows who authenticated and is calling the method.

How can I configure this?

0 1 365
1 REPLY 1

Hi Mike,

this is a really simple thing, I'm sorry it's taken two days and no one has responded yet.

When you verify an access token, the policy configuration is usually quite simple, like this:

<OAuthV2 name='OAuthV2-VerifyToken'>
  <Operation>VerifyAccessToken</Operation>
</OAuthV2>

This policy implicitly sets context variables when the token is valid. These include:

  • organization_name
  • developer.id
  • developer.app.name
  • client_id
  • grant_type
  • token_type
  • access_token
  • accesstoken.{custom_attribute}
  • issued_at
  • expires_in
  • status
  • scope
  • apiproduct.{custom_attribute_name}

This behavior is documented.

The attribute you set on the token is then available as a context variable named access_token.ATTRIBUTENAME where ATTRIBUTENAME is the name of the attribute in your OAuthV2/GenerateAccessToken policy.

To send that to the target, use an assignMessage policy to add a queryparam or header:

<AssignMessage name='AM-AddQueryOrHeader'>
  <AssignTo createNew='false' type='request'/>
  <Set>
    <QueryParams>
      <QueryParam name='outgoingParamName'>{accesstoken.ATTRIBUTENAME}</QueryParam>
    </QueryParams>
    <Headers>
      <Header name='x-My-Header'>{accesstoken.ATTRNAME}</Header>
    </Headers>
  </Set>
</AssignMessage>

You need to attach that AssignMessage policy somewhere in the proxy request flow, or the target request flow.

Does it make sense?