OAuth2.0 third party token registration failing

When registering third-party tokens in Apigee, I’m facing a problem.

After making a Service Callout to Azure AD and obtaining an access token for an authorization code, I want to store this access token in Apigee Edge so I can use it to validate resource calls later.

Here’s the OAuth policy for this –

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 async="false" continueOnError="false" enabled="true" name="OAuth-v20-Store-External-Token">
    <DisplayName>OAuth-v20-Store-External-Token</DisplayName>
    <FaultRules/>
    <Properties/>
    <Attributes/>
    <ExternalAuthorization>true</ExternalAuthorization>
    <Operation>GenerateAccessToken</Operation>
    <GenerateResponse enabled="true"/>
    <ExternalAccessToken>internal.accesstoken</ExternalAccessToken>
    <StoreToken>true</StoreToken>
    <GrantType>request.formparam.grant_type</GrantType>
    <SupportedGrantTypes>
        <GrantType>authorization_code</GrantType>
    </SupportedGrantTypes>
    <Tokens/>
</OAuthV2>


The access token extracted from the Azure AD Service Callout response is in the variable called internal.accesstoken, which is assigned to the <ExternalAccessToken> element.

I’m getting the following error when this policy executes –

{
  "ErrorCode": "invalid_request",
  "Error": "Invalid Authorization Code"
}

I don’t understand this, as here I’m simply trying to add an access token to the Apigee data store and I’m not seeking to validate anything.


Change the grant type to client credentials and it will work. Apigee doesn't know about the auth code and you specified an auth code grant type. Either that or populate it using something like this:

<ExternalAuthorizationCode>request.queryparam.external_auth_code</ExternalAuthorizationCode>

Take a look here for description: https://docs.apigee.com/api-platform/reference/policies/oauthv2-policy#externalauthorizationcode-ele...

I changed it to the below and am still getting the same error:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 async="false" continueOnError="false" enabled="true" name="OAuth-v20-Store-External-Token">
    <DisplayName>OAuth-v20-Store-External-Token</DisplayName>
    <FaultRules/>
    <Properties/>
    <Attributes/>
    <ExternalAuthorization>true</ExternalAuthorization>
    <Operation>GenerateAccessToken</Operation>
    <GenerateResponse enabled="true"/>
    <ExternalAuthorizationCode>request.formparam.code</ExternalAuthorizationCode>
    <!--<ExternalAccessToken>external.accesstoken</ExternalAccessToken> -->
    <StoreToken>true</StoreToken>
    <GrantType>request.formparam.grant_type</GrantType>
    <SupportedGrantTypes>
        <GrantType>authorization_code</GrantType>
    </SupportedGrantTypes>
    <Tokens/>
</OAuthV2>

You typically run two policies. Take a look here at the two policies:

OA-StoreExternalAuthorizationCode.xml

OA-StoreToken.xml
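As an added example (not code from this thread or from Apigee's own samples), this is the two-policy shape the last reply refers to: the first policy stores the third-party authorization code in Apigee, so that the second policy's authorization_code grant can find it instead of failing with "Invalid Authorization Code". The flow variable names external.authorization.code and external.access.token are assumed to be populated by the Azure AD service callouts; the policy names match the files named above.

```xml
<!-- Policy 1 (OA-StoreExternalAuthorizationCode): runs after the service
     callout that returned the Azure AD authorization code.
     GenerateAuthorizationCode with ExternalAuthorization=true stores the
     external code against the client_id/redirect_uri of the calling app. -->
<OAuthV2 name="OA-StoreExternalAuthorizationCode">
    <Operation>GenerateAuthorizationCode</Operation>
    <ExternalAuthorization>true</ExternalAuthorization>
    <!-- assumed flow variable, extracted from the callout response -->
    <ExternalAuthorizationCode>external.authorization.code</ExternalAuthorizationCode>
    <ClientId>request.queryparam.client_id</ClientId>
    <RedirectUri>request.queryparam.redirect_uri</RedirectUri>
    <ResponseType>request.queryparam.response_type</ResponseType>
    <StoreToken>true</StoreToken>
    <!-- let the proxy flow continue rather than answering the client here -->
    <GenerateResponse enabled="false"/>
</OAuthV2>

<!-- Policy 2 (OA-StoreToken): runs on the token request, after the service
     callout that exchanged the code for an Azure AD access token.
     The authorization_code grant validates request.formparam.code against
     the code stored by policy 1, then stores the external access token. -->
<OAuthV2 name="OA-StoreToken">
    <Operation>GenerateAccessToken</Operation>
    <ExternalAuthorization>true</ExternalAuthorization>
    <!-- assumed flow variable, extracted from the token callout response -->
    <ExternalAccessToken>external.access.token</ExternalAccessToken>
    <Code>request.formparam.code</Code>
    <ClientId>request.formparam.client_id</ClientId>
    <RedirectUri>request.formparam.redirect_uri</RedirectUri>
    <GrantType>request.formparam.grant_type</GrantType>
    <SupportedGrantTypes>
        <GrantType>authorization_code</GrantType>
    </SupportedGrantTypes>
    <StoreToken>true</StoreToken>
    <GenerateResponse enabled="true"/>
</OAuthV2>
```

The client_id presented on both requests still has to belong to a developer app registered in Apigee, even with ExternalAuthorization set to true; only the code and token values come from Azure AD.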