Sub-Query regarding oauth pkce sample on github

mgarg · 01-07-2019 03:40 AM

Hello Dino,

I have done the setup for the oauth pkce proxy on github link

https://github.com/DinoChiesa/Edge-OAuthV2-PKCE-Proxy.

But When I try to execute the proxy I am facing issue with the hosted target. After redirection from the authorize call to the /login it works fine, but later it fails when it is routed to the hosted target.

Below is the error which I am getting: {"fault":{"faultstring":"Hosted target error","detail": {"errorcode":"messaging.adaptors.http.flow.HostedTargetError"}}}

Attaching the trace for reference.Please let me know if I am missing anything and how can I resolve the issue.

Thanks & Regards

Manish Garg

nimishamahale

@Dino @Dino-at-Google

Attaching the trace.trace-1546812412473.zip

nimishamahale

@Dino

sidd-harth

Hi @Manish Garg, I have tried the same repo on my free Apigee Cloud and it is working fine.

BTW Hosted Targets are only available on Apigee Cloud, in your Trace I can see that you are using a custom domain, kindly confirm if your org is Cloud/On-Prem.

@Dino-at-Google, I came across a small typo in repo ReadMe,

Missing ampersand(&) in line 87, curl command query string just before code_challenge_method query parameter.

ORG=MyORG
ENV=myenv
client_id=whatever
client_secret=whatever
redirect_uri=https://dinochiesa.github.io/pkce-redirect/callback-handler.html
code_verifier=SOME_RANDOM_STRING_OF_CHARACTERS_OF_SUFFIcienT_LENGTH
code_challenge=BASE64URL(SHA256(code_verifier))

curl -i -X GET "https://$ORG-$ENV.apigee.net/20181127/oauth2-ac-pkce/authorize?client_id=${client_id}&redirect_uri=${redirect_uri}&response_type=code&scope=A&code_challenge=${code_challenge}&code_challenge_method=S256"

dchiesa1

Thanks, Siddharth, I've fixed that typo now.

dchiesa1

@nimishamahale,

It looks like you are using Apigee Edge SaaS to me. An org provisioned in EU West. The next question is, does your org support hosted targets?

If it does, then, we need to make sure you've deployed the example proxy successfully.

You can look for yourself by examining the HT Build and runtime logs.

See here: https://docs.apigee.com/api-platform/hosted-targets/hosted-targets-tasks#accessing-log-files

...for information on how to do this.

nimishamahale

Thanks @Siddharth Barahalikar and @Dino-at-Google.

I tried on my personal org and the sample is working fine. But when I am trying to execute the same on my enterprise org I am getting 500 error with description-{"fault":{"faultstring":"Hosted target error","detail": {"errorcode":"messaging.adaptors.http.flow.HostedTargetError"}}}

Could you let me know if we need to enable any configuration or settings on our enterprise org?

Thanks & Regards,

Nimisha.

dchiesa1

Yes, you can query the org properties yourself like this:

mgmtserver=https://api.enterprise.apigee.com
org=myorg
curl -i -u $username $mgmtserver/v1/o/$org

in the response you should look for a property called 'isEdgeFunctionsEnabled', like this:

 "properties" : {
    "property" : [ {
      "name" : "features.isSmbOrganization",
      "value" : "false"
    }, {
      "name" : "features.isEdgeFunctionsEnabled",
      "value" : "true"
    }, {

If it is not present, you need to contact Apigee Edge support and ask to enable it.

If it is present, then you need to check the build and runtime logs as I Suggested in my comment above.

nimishamahale

Hello @Dino-at-Google,

The properties look fine as shown below:

"properties":

{ "property":

[ { "name": "subscriptionType", "value": "enterprise" },

{ "name": "features.isSmbOrganization", "value": "false" },

{ "name": "features.isEdgeFunctionsEnabled", "value": "true" }

]}

Actually when I am trying to execute the "HelloWorld" sample on my enterprise org I am facing the same issue. The same is working on my personal org.

Not able to find anything from the build and runtime logs.

Can I raise a ticket with apigee to resolve the issue.

Regards,

Nimisha

dchiesa1

Yes, I suggest you raise a ticket with support.

If I were you I might also try implementing a "Hello world" Hosted Target API Proxy. Just follow the basic tutorial for hosted targets, and see if you get the same error. (Make the scenario less complex than the PKCE example)