Reading Oauth Token Attribute Issue in Apigee 4.17.09
HI Team,
I have added the new attribute in access token (eg: stamp-Contract) with some default value using APIGEE management call. The APIGEE management call is a part of API call i.e used for updating attribute in token.
Using the verify access token policy in the API i.e used to retrieve the new attribute added, but unfortunately, it didn't.
Do you have an idea is updating the value takes time in DB? .
Note: I can see this issue in 4.17.09 version, not in previous versions.
Any help would be appreciated
Hi, thanks for the question.
We need more details, more specifics.
I have added the new attribute in access token (eg: stamp-Contract) with some default value using APIGEE management call.
exactly what did you do? How? Show the call. Be very specific.
The APIGEE management call is a part of API call i.e used for updating attribute in token.
I don't know what this means. You'll need to be clearer.
We have two API proxy calls, one for writeTokenStamp(POST), readTokeStamp(Get). The Post calls has the custom attribute key and value(writeTokenStamp) which calls API management(/v1/organizations/scs/oauth2/accesstokens/***) to add the new attribute in accessToken.
Now, there is readTokenStamp call, which has ValidateAccessToken-OAuth(same value used in write token stamp), we are trying to retrieve accesstoken.{custom-attribute}, but the policy didn't fetch the value. I noticed this issue is in 4.17.09 but in earlier versions, it is working fine.
WriteTokenStamp Request
{
"type":"${stamp_type}",
"value":"${stamp_value_simple}",
"access_token":"${access_token}"
}
Response:
{"type":"{type}","key":"{key}"}
ReadTokenStamp Request(GET):
type={fetched from response of writeTokenSTamp}&key={{fetched from response of writeTokenSTamp}}∾cess_token={same accessTokenused in writeTokenSTamp}
Fails at retrieving accesstoken.{customeattribute}
Answer by Dino-at-Google
·
Jun 22, 2018 at 04:18 PM
Thanks for the details. I'm clear on what is happening now.
The Post calls has the custom attribute key and value(writeTokenStamp) which calls API management(/v1/organizations/scs/oauth2/accesstokens/***) to add the new attribute in accessToken.
You shouldn't do that. You should not be calling management APIs from within the API Proxy flow. The management APIs are not set up to be online APIs. They do not have the same quality of service as the API Proxy. Don't do this. It's not supported. The fact that "it worked before" is not a good reason to continue doing it. Apigee Edge is not designed to support what you are doing. Updating things via the management server does not cause the runtime (API Proxy) to get the latest data. That it worked before is a surprise to me. It's not documented as supported. In short: Don't do this.
There is a supported way to do what you want. To update attributes on a token, you should use SetOauthV2Info. Here's a suggestion on a similar question.
Thank you Dino for suggestion. Just a followp question and not to change the existing design of API, during migration it to new APIGEE cloud version.
In our proxy we have attribute name as dynamic (eg: stamp-{type}|{random32 bit key}), Is it possible to have the attribute name as dynamic in SetOauthV2Info.
No, the name is static. The value can be dynamic.
