Loop through oauthv2accesstoken.{policy_name} variables using JavaScript?

So, I'm doing a password grant flow w/ a third-party authenticator and need to set <GenerateResponse enabled="false"/>.

I found a list of all of the variables available to me but I don't see OAuth2 custom attributes being available according to here: https://docs.apigee.com/api-platform/reference/policies/oauthv2-policy#flowvariables-generateaccesst...

But I am able to create my custom json payload for successful access_tokens via:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="AM-ReplacePayload">
    <DisplayName>AM-ReplacePayload</DisplayName>
    <Properties/>
    <Set>
        <Payload contentType="application/json">
{
    "api_product_list": "{oauthv2accesstoken.OA-GenerateAccessToken-Password.api_product_list}",
    "api_product_list_json": "{oauthv2accesstoken.OA-GenerateAccessToken-Password.api_product_list_json}",
    "organization_name": "{oauthv2accesstoken.OA-GenerateAccessToken-Password.organization_name}",
    "developer.email": "{oauthv2accesstoken.OA-GenerateAccessToken-Password.developer.email}",
    "client_id": "{oauthv2accesstoken.OA-GenerateAccessToken-Password.client_id}",
    "token_type": "{oauthv2accesstoken.OA-GenerateAccessToken-Password.token_type}",
    "status": "{oauthv2accesstoken.OA-GenerateAccessToken-Password.status}",
    "issued_at": {oauthv2accesstoken.OA-GenerateAccessToken-Password.issued_at},
    "expires_in": {oauthv2accesstoken.OA-GenerateAccessToken-Password.expires_in},
    "access_token": "{oauthv2accesstoken.OA-GenerateAccessToken-Password.access_token}",
    "scope": "{oauthv2accesstoken.OA-GenerateAccessToken-Password.scope}",
    "refresh_token_status": "{oauthv2accesstoken.OA-GenerateAccessToken-Password.refresh_token_status}",
    "refresh_token_issued_at": {oauthv2accesstoken.OA-GenerateAccessToken-Password.refresh_token_issued_at},
    "refresh_token_expires_in": {oauthv2accesstoken.OA-GenerateAccessToken-Password.refresh_token_expires_in},
    "refresh_token": "{oauthv2accesstoken.OA-GenerateAccessToken-Password.refresh_token}",
    "refresh_count": {oauthv2accesstoken.OA-GenerateAccessToken-Password.refresh_count}
}
        </Payload>
    </Set>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>

I tried messing around with var oauthObj = context.getVariable('oauthv2accesstoken.OA-GenerateAccessToken-Password'); in a JavaScript callout but I usually end up getting an error such as "blah blah blah...com.apigee.steps.oauth.v2.TokenAttributesFlowInfo@<some_memory>" denied or unavailable.

Does anyone know how to cycle through all of the keys so I can see what's available?

ACCEPTED SOLUTION

Hmmm, yes

I see what you're getting at.

You want to iterate through ALL of the attribute names (custom or "standard") set by a particular OauthV2 GenerateAccessToken policy.

And if you try to read the context variable "oauthv2accesstoken.POLICYNAME" from within a JavaScript policy, it doesn't let you look at all the variable names as you wish it would.

That is currently a limitation in the behavior of the product.

I can see that it would be nice if the JavaScript policy could retrieve all the names of these attributes.

Let me look into enhancing it to make that possible. ref: b/132700950

But in the meantime, I don't know a way to do what you want, unfortunately.

REPLIES

Thank you!

As an example, {oauthv2accesstoken.POLICYNAME.api_product_list_json} and {oauthv2accesstoken.POLICYNAME.application_name} worked even though they aren't documented.

Oh, and if you're looking for the custom attributes associated with an access token, I saw somewhere that it was {oauth2accesstoken.POLICYNAME.access_token.CUSTOM_ATTRIBUTE}.
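
Because the container variable cannot be enumerated, one workaround is to probe a fixed list of names one at a time and build the response only from the ones that resolve, which also avoids the invalid JSON the AssignMessage template produces when an unquoted numeric variable is unresolved. This is an added example, not code from the thread or from Apigee: `probeTokenVariables` and `makeStubContext` are hypothetical names, the stub values are constructed, and it assumes `context.getVariable` returns null for an unset variable.

```javascript
var POLICY = 'OA-GenerateAccessToken-Password';

// Names taken from the thread; extend with your own custom attribute names.
var CANDIDATES = [
  'api_product_list', 'api_product_list_json', 'organization_name',
  'developer.email', 'application_name', 'client_id', 'token_type', 'status',
  'issued_at', 'expires_in', 'access_token', 'scope',
  'refresh_token_status', 'refresh_token_issued_at',
  'refresh_token_expires_in', 'refresh_token', 'refresh_count'
];

// Fields the thread's payload emits as bare JSON numbers.
var NUMERIC = { issued_at: 1, expires_in: 1, refresh_token_issued_at: 1,
                refresh_token_expires_in: 1, refresh_count: 1 };

// ctx is Apigee's `context` object (anything exposing getVariable(name)).
function probeTokenVariables(ctx, policyName, names) {
  var found = {}, missing = [];
  names.forEach(function (name) {
    var value = ctx.getVariable('oauthv2accesstoken.' + policyName + '.' + name);
    if (value === null || value === undefined || String(value) === '') {
      missing.push(name);            // unresolved: leave it out of the payload
      return;
    }
    var text = String(value);        // normalise whatever type the runtime hands back
    found[name] = (NUMERIC[name] && isFinite(Number(text))) ? Number(text) : text;
  });
  return { found: found, missing: missing };
}

// Constructed stand-in for `context` so the sketch runs outside Apigee.
function makeStubContext(vars) {
  return { getVariable: function (n) { return n in vars ? vars[n] : null; } };
}

var stub = makeStubContext({
  'oauthv2accesstoken.OA-GenerateAccessToken-Password.access_token': 'constructed-token-value',
  'oauthv2accesstoken.OA-GenerateAccessToken-Password.expires_in': '1799',
  'oauthv2accesstoken.OA-GenerateAccessToken-Password.application_name': 'constructed-app'
});
var result = probeTokenVariables(stub, POLICY, CANDIDATES);
// In a callout: context.setVariable('response.content', JSON.stringify(result.found));
// Log names only, never token values.
console.log('resolved:', Object.keys(result.found).join(','), 'missing:', result.missing.length);
```

In a real callout, pass `context` instead of the stub and add the names of any custom attributes you set on the token to `CANDIDATES`.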