How do I debug OAuthV2 policy for external access tokens?

I am trying to store an external access token using the OAuthV2 policy. I have a very weird case so things aren't in their standard place. When I execute the store external token, I get back an invalid_request error with no further information. How do I debug my request to the OAuthV2 policy to know what is missing?


Yes, that's a difficult problem. The OAuthV2 policy can be somewhat opaque when it detects an incorrect input. We should improve the transparency in error cause.

In the meantime, I don't have good suggestions for debugging your specific problem. Best recommendation is, follow a known-working example. Get it to work in your environment, without any changes. Then change things slightly, step by step, to approach what you need. (Don't change too many things all at once.)

I'm not clear on the implications of "things aren't in their standard place", but the OAuth policy will insist on things like client id, client secret, and grant_type. Those need to be specified "in their standard place", e.g., in the basic auth header and formparam, respectively.

Thanks. I was able to figure out my problem. I have a very weird scenario where I am trying to store an external access token where the request to get that token did NOT follow the standard OIDC. Therefore, the client id, client secret, grant_type, etc. were NOT specified as form parameters. Therefore, the OAuthV2 policy failed to store because it couldn't find the appropriate pieces it needed. So I added an extra AssignMessage policy to set the necessary input to the request.formparam variables it expected.

Also, I was doing a password grant_type so that required username and password, etc. So what I am looking for is better documentation on the OAuthV2 policy so that for a given Operation value, what inputs are required. And when something goes wrong, be more specific in the error message. So instead of saying invalid_request, I would want it to say something like, "cannot find username at request.formparam.username variable", etc.
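The workaround described in the reply above, sketched as an AssignMessage policy that runs before the OAuthV2 policy. This is an added example, not the poster's actual configuration: the policy name and every `external.*` flow variable are assumptions, standing in for wherever the non-standard request really carries these values.

```xml
<!-- Added example: copy values from non-standard locations into the
     request.formparam.* variables the OAuthV2 policy reads.
     The external.* variable names are hypothetical; populate them
     earlier in the flow (for example with ExtractVariables). -->
<AssignMessage name="AM-Set-OAuth-FormParams">
    <AssignTo createNew="false" transport="http" type="request"/>
    <Set>
        <FormParams>
            <!-- password grant, as in the scenario described above -->
            <FormParam name="grant_type">password</FormParam>
            <FormParam name="client_id">{external.client_id}</FormParam>
            <FormParam name="client_secret">{external.client_secret}</FormParam>
            <FormParam name="username">{external.username}</FormParam>
            <FormParam name="password">{external.password}</FormParam>
        </FormParams>
    </Set>
    <!-- Fail here, on the variable that is missing, rather than letting
         an empty value reach OAuthV2 and come back as invalid_request. -->
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
</AssignMessage>
```

With `IgnoreUnresolvedVariables` set to `false`, a missing input raises a fault in this step, which narrows down which value was absent before the OAuthV2 policy runs. Keep the secret and password values masked in trace sessions while debugging.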