Please tell me about hashing of access tokens


We use OPDK 4.17.01.

Please tell me about hashing of access tokens.

I tried the following, but the Set OAuth V2 Info policy failed.

The setting contents are as follows.

features.isOAuthTokenHashingEnabled = true

features.OAuthTokenHashingAlgorithm = SHA512

The error message is as follows (status code 500 error).

{"fault":{"faultstring":"Invalid Access Token","detail":{"errorcode":"keymanagement.service.invalid_access_token"}}}

What is the cause?

Do you need the following settings?

features.isOAuthTokenFallbackHashingEnabled = true
features.OAuthTokenFallbackHashingAlgorithm = SHA1 | SHA256 | SHA384 | SHA512 | PLAIN
ACCEPTED SOLUTION


Hi Tomoya,

Can you check if the Access Token you passed to the policy is not the hashed one?
It should be the original token returned initially by the request of generating the token.

Also please check with the management API 'Get OAuth 2.0 Access Token' that the token is valid. https://apidocs.apigee.com/management/apis/get/organizations/%7Borg_name%7D/oauth2/accesstokens/%7Ba...

Thanks,
Toshi


4 REPLIES


Please advise because it is not solved.


Hi Tomoya,

To the point you mentioned in the question regarding the configuration:

features.isOAuthTokenFallbackHashingEnabled = true
features.OAuthTokenFallbackHashingAlgorithm = SHA1 | SHA256 | SHA384 | SHA512 | PLAIN

Only if features.OAuthTokenFallbackHashingAlgorithm is PLAIN is the stored hash valid, since the (plain) digest of the token passed as-is simply matches the hashed token.

Otherwise only the original, unhashed token is valid.
Can you please check whether this is the same result as in your tests?

Thanks,
Toshi

Hi Toshi, thanks for your comment.

Following the advice, I solved it by specifying PLAIN.

Thank you very much.