Mask/exclude developer.email, api_product_list values from OAuth access token JSON response


Hi,

Is it possible to mask/exclude a few of the fields in the JSON response received when we make an API call to get an access token?

For example, we want to mask/exclude the developer.email and api_product_list fields in the JSON response below.

{
  "issued_at" : "1466025769306",
  "application_name" : "716bbe61-f14a-4d85-9b56-a62ff8e0d347",
  "scope" : "",
  "status" : "approved",
  "api_product_list" : "[helloworld_oauth2-Product]",
  "expires_in" : "3599", //--in seconds
  "developer.email" : "nigel@example.com",
  "token_type" : "BearerToken",
  "client_id" : "xNnREu1DNGfiwzQZ5HUN8IAUwZSW1GZW",
  "access_token" : "GTPY9VUHCqKVMRB0cHxnmAp0RXc0",
  "organization_name" : "myOrg",
  "refresh_token_expires_in" : "0", //--in seconds
  "refresh_count" : "0"
}

Thanks,

Ramya


Hi @Ramya S M

You can set the GenerateResponse config in your OAuth policy to false - something like

<GenerateResponse enabled="false"/>

and then use the Assign Message policy to set the required OAuth variables in your response. For example, your Assign Message policy can be configured something like:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="AM-AccessToken-Response">
  <DisplayName>AM-AccessToken-Response</DisplayName>
  <Properties/>
  <Set>
    <Payload contentType="application/json" >
      {
         "access_token":"{oauthv2accesstoken.OAuth2-Generate-AccessToken.access_token}",
         "refresh_token":"{oauthv2accesstoken.OAuth2-Generate-AccessToken.refresh_token}",
         "scope":"{oauthv2accesstoken.OAuth2-Generate-AccessToken.scope}",
         "expires_in":"{oauthv2accesstoken.OAuth2-Generate-AccessToken.expires_in}"
      }
    </Payload>
  </Set>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
  <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>

So in the above sample, I am using the populated OAuth policy flow variables and building the response content instead of the standard response.

Hope this is useful. For more info, check this link

You can also set the following:

<GenerateResponse enabled="true"/>

and then set the attributes to false:

<Attributes>
	<Attribute name="api_product_list" ref="api_product_list" display="false"/>
	<Attribute name="api_product_list_json" ref="api_product_list_json" display="false"/>
	<Attribute name="application_name" ref="application_name" display="false"/>
	<Attribute name="developer.email" ref="developer.email" display="false"/>
	<Attribute name="organization_name" ref="organization_name" display="false"/>
</Attributes>
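
A check that either approach from the replies had the intended effect, as an added example that is not part of the original thread or of Apigee's own code. It audits a token response body for the fields the thread wants hidden and, going slightly beyond the question, for the members RFC 6749 section 5.1 requires; the function names and both sample bodies are constructed for illustration.

```python
import json

# Members of a successful token response per RFC 6749 section 5.1.
REQUIRED = {"access_token", "token_type"}
ALLOWED = REQUIRED | {"expires_in", "refresh_token", "scope"}
# Fields the question wants hidden, plus the others named in the second reply.
SENSITIVE = {"developer.email", "api_product_list", "api_product_list_json",
             "application_name", "organization_name"}

def audit_token_response(body: str) -> dict:
    """Return the findings for one token-endpoint response body."""
    fields = json.loads(body)
    if not isinstance(fields, dict):
        raise ValueError("token response must be a JSON object")
    names = set(fields)
    return {
        # Developer/app metadata that should not reach the client.
        "leaked": sorted(names & SENSITIVE),
        # Anything else outside the allow-list (review before exposing).
        "unexpected": sorted(names - ALLOWED - SENSITIVE),
        # Required members dropped while trimming the payload.
        "missing": sorted(REQUIRED - names),
        # A template variable that did not resolve can leave an empty value.
        "empty": sorted(k for k in ("access_token", "token_type", "refresh_token")
                        if k in fields and fields[k] in ("", None)),
    }

def is_clean(findings: dict) -> bool:
    return not any(findings.values())

# Constructed sample: the field set of the default response shown in the question.
DEFAULT_BODY = json.dumps({
    "issued_at": "0", "application_name": "app-id-placeholder", "scope": "",
    "status": "approved", "api_product_list": "[example-product]",
    "expires_in": "3599", "developer.email": "dev@example.com",
    "token_type": "BearerToken", "client_id": "client-id-placeholder",
    "access_token": "token-placeholder", "organization_name": "example-org",
    "refresh_token_expires_in": "0", "refresh_count": "0"})

# Constructed sample: the four-field payload shape from the first reply,
# as it would look when no refresh token was issued.
TRIMMED_BODY = json.dumps({"access_token": "token-placeholder",
                           "refresh_token": "", "scope": "", "expires_in": "3599"})

if __name__ == "__main__":
    for label, body in (("default", DEFAULT_BODY), ("trimmed", TRIMMED_BODY)):
        print(label, audit_token_response(body))
```

Run against the real token endpoint's response in a deployment test, this catches a later policy change that re-exposes the metadata fields or drops a member that clients depend on.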