We are using OAuth 2.0 for authentication purposes. We have a proxy and we have an OAuth 2.0 policy. We are passing the query parameter grant_type as client_credentials, and we tried supplying client_id and client_secret in the form body; we also tried passing the encoded client_id and client_secret in the Authorization header. We do get a 200 OK response and token details at times, and a 500 error often. We are hitting the proxy several times to retrieve a token. We are getting the exceptions below. Is there any restriction on requesting a token? (We tried Postman, jQuery AJAX, a cURL command and a console application as well, but the issue is the same.) Kindly provide an insight on this.
We tried supplying client_id as username and client_secret as password in the form body; still no luck.
Can you show your OAuthV2 policy configuration?
This one works for me, when using client_credentials grant type.
<OAuthV2 name='OAuthV2-GenerateAccessToken-CC'>
  <Operation>GenerateAccessToken</Operation>
  <!--
    ExpiresIn, in milliseconds. The ref is optional. The explicitly specified
    value is the default, when the variable reference cannot be resolved.
      1800000 = 30 minutes
      2400000 = 40 minutes
      3600000 = 60 minutes
  -->
  <ExpiresIn ref='flow.variable'>1800000</ExpiresIn>
  <!--
    RefreshTokenExpiresIn, in milliseconds. Optional; if it is not
    specified, the default value will be used which is -1 (no expiration).
      691200000 = 8 days
      2592000000 = 30 days
  -->
  <RefreshTokenExpiresIn>691200000</RefreshTokenExpiresIn>
  <SupportedGrantTypes>
    <!--
      for client_credentials, the client_id and client_secret must be
      passed in the Basic Auth header, as per the
      specification.
    -->
    <GrantType>client_credentials</GrantType>
  </SupportedGrantTypes>
  <!-- variable that specifies the requested grant type -->
  <GrantType>request.formparam.grant_type</GrantType>
  <Attributes>
    <Attribute name='grant_type'
               ref='request.formparam.grant_type'
               display='true'>UNDEFINED</Attribute>
  </Attributes>
  <GenerateResponse enabled='true'/>
  <!--
    If you include GenerateResponse and have enabled='true', then
    the response is sent directly to the caller. The payload looks like
    this:
    {
      "issued_at": "1420262924658",
      "scope": "READ",
      "application_name": "ce1e94a2-9c3e-42fa-a2c6-1ee01815476b",
      "status": "approved",
      "api_product_list": "[PremiumWeatherAPI]",
      "expires_in": "1799",
      "developer.email": "tesla@weathersample.com",
      "organization_id": "0",
      "token_type": "BearerToken",
      "client_id": "5jUAdGv9pBouF0wOH5keAVI35GBtx3dT",
      "access_token": "2l4IQtZXbn5WBJdL6EF7uenOWRsi",
      "organization_name": "docs",
      "refresh_token_expires_in": "0",
      "refresh_count": "0"
    }
    If you omit GenerateResponse or have enabled='false', then
    these flow variables are set on success:
      oauthv2accesstoken.OAuthV2-GenerateAccessToken-CC.access_token
      oauthv2accesstoken.OAuthV2-GenerateAccessToken-CC.token_type
      oauthv2accesstoken.OAuthV2-GenerateAccessToken-CC.expires_in
      oauthv2accesstoken.OAuthV2-GenerateAccessToken-CC.refresh_token
      oauthv2accesstoken.OAuthV2-GenerateAccessToken-CC.refresh_token_expires_in
      oauthv2accesstoken.OAuthV2-GenerateAccessToken-CC.refresh_token_issued_at
      oauthv2accesstoken.OAuthV2-GenerateAccessToken-CC.refresh_token_status
  -->
</OAuthV2>
Something in your policy configuration is referencing request.formparam.username, either implicitly or explicitly.
You can find a full working example of a proxy that dispenses OAuth2.0 tokens via client_credentials grant type, here: https://github.com/DinoChiesa/devjam3-20170405/tree/master/Resources/oauth2-cc
We do get a 200 OK response and token details at times, but we are getting a 500 error often. Our policy looks similar to what you have; below is the screenshot of our policy.
Can you please help us to clear this issue?
OK, that looks pretty simple. Client credentials is the simplest kind of OAuth grant there is.
Looking again at the error code you showed in the first message, it appears that it is being thrown by the BasicAuthentication policy, not the OAuth policy. And the error in particular is "failed to resolve variable." Is it possible that the API proxy is receiving requests that do not have the referenced formparam set? That would lead to the error you are seeing.
Maybe introduce a <Condition> element wrapping a RaiseFault before the BasicAuthentication policy, which returns a specific error in the case the required formparam is not being set.
That might help.
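The guard suggested in the answer above, sketched as an added example (not configuration from the thread or from the poster's proxy). The policy names `RF-MissingCredentials` and `BA-EncodeCredentials`, the `/token` path, and the form parameter names `username` and `password` are assumptions; substitute whatever the BasicAuthentication policy actually references.

```xml
<!-- Added example; policy names, path and formparam names are assumptions. -->

<!-- 1. Token flow in the ProxyEndpoint: reject early, then the existing steps. -->
<Flow name='token'>
  <Request>
    <Step>
      <!-- runs only when a credential formparam is absent from the request -->
      <Name>RF-MissingCredentials</Name>
      <Condition>(request.formparam.username = null) or (request.formparam.password = null)</Condition>
    </Step>
    <Step>
      <!-- hypothetical name for the existing BasicAuthentication policy -->
      <Name>BA-EncodeCredentials</Name>
    </Step>
    <Step>
      <Name>OAuthV2-GenerateAccessToken-CC</Name>
    </Step>
  </Request>
  <Condition>(proxy.pathsuffix MatchesPath "/token") and (request.verb = "POST")</Condition>
</Flow>

<!-- 2. policies/RF-MissingCredentials.xml: the specific error returned to the caller -->
<RaiseFault name='RF-MissingCredentials'>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
  <FaultResponse>
    <Set>
      <Payload contentType='application/json'>{
  "error" : "invalid_request",
  "error_description" : "username and password form parameters are required"
}</Payload>
      <StatusCode>400</StatusCode>
      <ReasonPhrase>Bad Request</ReasonPhrase>
    </Set>
  </FaultResponse>
</RaiseFault>
```

With this in place, a request that omits either parameter gets a 400 naming what is missing, which makes the intermittent failures easy to tell apart from a genuine server-side error.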