{ Community }
  • Academy
  • Docs
  • Developers
  • Resources
    • Community Articles
    • Apigee on GitHub
    • Code Samples
    • Videos & eBooks
    • Accelerator Methodology
  • Support
  • Ask a Question
  • Spaces
    • Product Announcements
    • General
    • Edge/API Management
    • Developer Portal (Drupal-based)
    • Developer Portal (Integrated)
    • API Design
    • APIM on Istio
    • Extensions
    • Business of APIs
    • Academy/Certification
    • Adapter for Envoy
    • Analytics
    • Events
    • Hybrid
    • Integration (AWS, PCF, Etc.)
    • Microgateway
    • Monetization
    • Private Cloud Deployment
    • 日本語コミュニティ
    • Insights
    • IoT Apigee Link
    • BaaS/Usergrid
    • BaaS Transition/Migration
    • Apigee-127
    • New Customers
    • Topics
    • Questions
    • Articles
    • Ideas
    • Leaderboard
    • Badges
  • Log in
  • Sign up

Get answers, ideas, and support from the Apigee Community

  • Home /
  • Private Cloud Deployment /
avatar image
0
Question by Mohit Baveja · Jun 22, 2018 at 01:13 PM · 157 Views oauth2

Reading Oauth Token Attribute Issue in Apigee 4.17.09

HI Team,

I have added the new attribute in access token (eg: stamp-Contract) with some default value using APIGEE management call. The APIGEE management call is a part of API call i.e used for updating attribute in token.

Using the verify access token policy in the API i.e used to retrieve the new attribute added, but unfortunately, it didn't.

Do you have an idea is updating the value takes time in DB? .

Note: I can see this issue in 4.17.09 version, not in previous versions.

Any help would be appreciated

Comment
Add comment Show 2
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Dino-at-Google ♦♦   · Jun 22, 2018 at 02:57 PM 0
Link

Hi, thanks for the question.

We need more details, more specifics.

I have added the new attribute in access token (eg: stamp-Contract) with some default value using APIGEE management call.

exactly what did you do? How? Show the call. Be very specific.

The APIGEE management call is a part of API call i.e used for updating attribute in token.

I don't know what this means. You'll need to be clearer.

avatar image Mohit Baveja Dino-at-Google ♦♦ · Jun 22, 2018 at 03:54 PM 0
Link

We have two API proxy calls, one for writeTokenStamp(POST), readTokeStamp(Get). The Post calls has the custom attribute key and value(writeTokenStamp) which calls API management(/v1/organizations/scs/oauth2/accesstokens/***) to add the new attribute in accessToken.

Now, there is readTokenStamp call, which has ValidateAccessToken-OAuth(same value used in write token stamp), we are trying to retrieve accesstoken.{custom-attribute}, but the policy didn't fetch the value. I noticed this issue is in 4.17.09 but in earlier versions, it is working fine.

WriteTokenStamp Request
{
	"type":"${stamp_type}",
	"value":"${stamp_value_simple}",
	"access_token":"${access_token}"
}

Response:

{"type":"{type}","key":"{key}"}

ReadTokenStamp Request(GET):

type={fetched from response of writeTokenSTamp}&key={{fetched from response of writeTokenSTamp}}∾cess_token={same accessTokenused in writeTokenSTamp}

Fails at retrieving accesstoken.{customeattribute} 

Close

1 Answer

  • Sort: 
avatar image
2

Answer by Dino-at-Google   · Jun 22, 2018 at 04:18 PM

Thanks for the details. I'm clear on what is happening now.

The Post calls has the custom attribute key and value(writeTokenStamp) which calls API management(/v1/organizations/scs/oauth2/accesstokens/***) to add the new attribute in accessToken.

You shouldn't do that. You should not be calling management APIs from within the API Proxy flow. The management APIs are not set up to be online APIs. They do not have the same quality of service as the API Proxy. Don't do this. It's not supported. The fact that "it worked before" is not a good reason to continue doing it. Apigee Edge is not designed to support what you are doing. Updating things via the management server does not cause the runtime (API Proxy) to get the latest data. That it worked before is a surprise to me. It's not documented as supported. In short: Don't do this.

There is a supported way to do what you want. To update attributes on a token, you should use SetOauthV2Info. Here's a suggestion on a similar question.

Comment
Add comment Show 2 · Link
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Mohit Baveja · Jun 23, 2018 at 09:39 AM 0
Link

Thank you Dino for suggestion. Just a followp question and not to change the existing design of API, during migration it to new APIGEE cloud version.

In our proxy we have attribute name as dynamic (eg: stamp-{type}|{random32 bit key}), Is it possible to have the attribute name as dynamic in SetOauthV2Info.

avatar image Dino-at-Google ♦♦ Mohit Baveja   · Jun 25, 2018 at 07:31 PM 0
Link

No, the name is static. The value can be dynamic.

Follow this Question

Answers Answers and Comments

48 People are following this question.

avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image

Related Questions

List oauth2 tokens on Edge platform 1 Answer

  • Products
    • Edge - APIs
    • Insights - Big Data
    • Plans
  • Developers
    • Overview
    • Documentation
  • Resources
    • Overview
    • Blog
    • Apigee Institute
    • Academy
    • Documentation
  • Company
    • Overview
    • Press
    • Customers
    • Partners
    • Team
    • Events
    • Careers
    • Contact Us
  • Support
    • Support Overview
    • Documentation
    • Status
    • Edge Support Portal
    • Privacy Policy
    • Terms & Conditions
© 2021 Apigee Corp. All rights reserved. - Apigee Community Terms of Use - Powered by AnswerHub
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Create an article
  • Post an idea
  • Spaces
  • Product Announcements
  • General
  • Edge/API Management
  • Developer Portal (Drupal-based)
  • Developer Portal (Integrated)
  • API Design
  • APIM on Istio
  • Extensions
  • Business of APIs
  • Academy/Certification
  • Adapter for Envoy
  • Analytics
  • Events
  • Hybrid
  • Integration (AWS, PCF, Etc.)
  • Microgateway
  • Monetization
  • Private Cloud Deployment
  • 日本語コミュニティ
  • Insights
  • IoT Apigee Link
  • BaaS/Usergrid
  • BaaS Transition/Migration
  • Apigee-127
  • New Customers
  • Explore
  • Topics
  • Questions
  • Articles
  • Ideas
  • Badges