Hi,
I am using the AccessEntity policy to get the developer app name from client_id. Here is the trace that I get after using the following policy:
<AccessEntity async="false" continueOnError="false" enabled="true" name="GetDevAppProfile">
    <DisplayName>GetDevAppProfile</DisplayName>
    <EntityType value="app"/>
    <EntityIdentifier ref="request.queryparam.client_id" type="consumerkey"/>
</AccessEntity>
How to extract the value of App name, i.e. 'Developer App Test1'.
Same value appeared in
AccessEntity.ChildNodes.GetDevAppProfile.App.Attributes.Attribute.1.Value
as well and trying to get this one as below does not work
<ExtractVariables name="SetDevAppProfile">
    <Source>AccessEntity.GetDevAppProfile</Source>
    <VariablePrefix>devapp</VariablePrefix>
    <XMLPayload>
        <Variable name="name" type="string">
            <!-- You parse elements from the developer profile using XPath. -->
            <XPath>/App/Attributes/Attribute/1/Value</XPath>
        </Variable>
    </XMLPayload>
</ExtractVariables>
Thanks,
Try this Xpath in your Extract Variable policy
/App/Attributes/Attribute[Name='DisplayName']/Value/text()
You can test your XPath using some online tools too so that you don't have to deploy and test every time. I use this link to test my XPath. Just paste the XML from the trace and then use the XPath to see the values. The same can be put in your policy once you know what you need to extract.
On the other hand - if you are using VerifyAPIkey policy, you do not need to extract the display name like this, it will automatically populate a variable for you. The variable is verifyapikey.{policyName}.DisplayName. You can see it in your trace when you click the VerifyApiPolicy icon. You can directly use this variable in your proxy code.
There are other variables too that get auto-populated when you run the VerifyAPIKey policy successfully. More details here
I added it. Thanks.
Thanks @wwitman
Thanks @Sai Saran Vaidyanathan
Yeah, it's a simple XPath thing to get the attribute. I got it as below:
//App/@name
I am not using VerifyAPIkey for this, as I do not want to force the product(s) to have this proxy. This is just to know the Dev profile of whoever passes client_id.
And I realized that we can use the flow variable directly in our assignment without having an extract policy.
AccessEntity.ChildNodes.GetDevAppProfile.App.Attributes.Attribute.1.Value
Thanks,
Glad it worked. Yes, you can do that as well.
Hi, can you help with how to get the App name when no verify API policy is used but instead JWT (verify JWT) is used?
You cannot. The VerifyJWT policy just verifies a JWT. That JWT might be issued by any party, and the policy does not assume that there is a field in the JWT that relates to a client ID, or a registered Apigee API Product or App.
The way you would do it is take 2 steps: first verifyJWT, and if that passes, then use VerifyAPIKey to verify the clientID that is passed in some field of the payload of the JWT. This gives you App credential verification, API Product resolution, all the goodness that comes with that. And of course you can then retrieve the App name and so on. There is an additional requirement to make this happen: the payload of the JWT must have a field that contains a valid Apigee client ID. The field itself can have any name, but it must contain a "consumer key" or "client ID" that is known to Apigee.
How do you ensure that the payload of a JWT issued by a third party contains a clientID that is known to Apigee? You need to synchronize the clientIDs. For example, if you use Okta as your IdP and JWT issuing party, Okta has a clientID field. When you provision the app in Okta, you'll get that client ID. You need to import that client into Apigee, as a new credential. That "import a pre-existing API key" is not accessible through the Apigee UI, at this time. In Apigee X or hybrid, you would use this Apigee API to do the import.
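A sketch of the two-step flow described in the answer above, added here as an illustration and not posted by anyone in the thread. The policy names, the IdP URLs, the audience value and the claim name client_id are assumptions; substitute whatever payload field your IdP fills with the client ID you imported into Apigee.

```xml
<!-- policies/VerifyJWT-IdP.xml: step 1, verify the third-party JWT.
     Issuer, audience and JWKS URI are placeholders (assumptions). -->
<VerifyJWT name="VerifyJWT-IdP" continueOnError="false" enabled="true">
    <Algorithm>RS256</Algorithm>
    <!-- No <Source> element: the policy reads the Bearer token from the
         Authorization header by default. -->
    <PublicKey>
        <JWKS uri="https://idp.example.com/oauth2/v1/keys"/>
    </PublicKey>
    <!-- Pin issuer and audience so a token minted for another party or
         another API is rejected before its claims are used. -->
    <Issuer>https://idp.example.com</Issuer>
    <Audience>api://example</Audience>
</VerifyJWT>

<!-- policies/VerifyAPIKey-FromJWT.xml: step 2, treat the verified claim as
     the consumer key. "client_id" is an assumed claim name. -->
<VerifyAPIKey name="VerifyAPIKey-FromJWT" continueOnError="false" enabled="true">
    <APIKey ref="jwt.VerifyJWT-IdP.decoded.claim.client_id"/>
</VerifyAPIKey>

<!-- proxies/default.xml (fragment): order matters. VerifyJWT-IdP runs first;
     if it faults, the flow stops and the claim is never used as a key. -->
<PreFlow name="PreFlow">
    <Request>
        <Step>
            <Name>VerifyJWT-IdP</Name>
        </Step>
        <Step>
            <Name>VerifyAPIKey-FromJWT</Name>
        </Step>
    </Request>
    <Response/>
</PreFlow>
```

Once both steps pass, the app name is available through the variable pattern given earlier in the thread, here verifyapikey.VerifyAPIKey-FromJWT.DisplayName.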