​How do I compare the state attribute in my token to the query param in the request?

I have the ff. Request to save a state on token creation\

/token?grant_type=client_credentials&scope=all&state=Unused

It's just that I want to know if my token has the same state as the one being looked up for by the request as I will be using the state of the token to determine whether if the token has already been used or not. I'm using the ff. conditions, and it doesn't seem to determine whatever value is the value of state in my token.

<Step>
 <Condition>
(request.queryparam.state NotEquals accesstoken.state)
</Condition>
<Name>RF-TokenAlreadyUsed</Name>  
</Step>
Solved Solved
1 1 93
1 ACCEPTED SOLUTION

Turns out I was using the state wrong. A state should function like this as stated in this thread.

https://stackoverflow.com/questions/26132066/what-is-the-purpose-of-the-state-parameter-in-oauth-aut...

So in order for me to be able to do what I want to do is that I should add another attribute to the token so that I would know if the token is already used or not. It's not that I havent done a similar thing before using an attribute, rather I thought the use of state is for token accessibility.

View solution in original post

1 REPLY 1

Turns out I was using the state wrong. A state should function like this as stated in this thread.

https://stackoverflow.com/questions/26132066/what-is-the-purpose-of-the-state-parameter-in-oauth-aut...

So in order for me to be able to do what I want to do is that I should add another attribute to the token so that I would know if the token is already used or not. It's not that I havent done a similar thing before using an attribute, rather I thought the use of state is for token accessibility.