We are using GenerateAuthorizationCode in the response flow. When we set callback URL http://localhost:8000/callback the redirect works. When we set callback URL urn:ietf:wg:oauth:2.0:oob the actual HTTP redirect location gets truncated after urn:
HTTP/1.1 302 Found
Location: urn:?scope=123&state=xyz&code=abc
Content-Length: 0
Connection: keep-alive
Has anyone in the community encountered this issue? Is it possible to change the redirect location to the correct value of "application redirect url" after GenerateAuthorizationCode by using assign-message policy?
I have done this successfully with oob callback URLs. My AssignMessage looks like this:
<AssignMessage name='AssignMessage-AuthzCodeResponse'>
  <DisplayName>AssignMessage-AuthzCodeResponse</DisplayName>
  <Description>Assigns the response message for an /authorize call</Description>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
  <!-- see https://apigeesc.atlassian.net/browse/BID-5589 -->
  <AssignTo createNew='true' type='response'>response</AssignTo>
  <Remove>
    <Payload>true</Payload>
  </Remove>
  <Set>
    <StatusCode>302</StatusCode>
    <ReasonPhrase>Found</ReasonPhrase>
    <Headers>
      <!-- at this point, the request.formparam.scope holds the requested
           scopes, separated by commas. The
           oauthv2authcode.OAuthV2-GenerateAuthorizationCode.scope variable
           holds the granted scopes separated by space. -->
      <Header name="Location">{oauthv2authcode.OAuthV2-GenerateAuthorizationCode.redirect_uri}?code={oauthv2authcode.OAuthV2-GenerateAuthorizationCode.code}&amp;scope={request.formparam.scope}</Header>
    </Headers>
  </Set>
  <!-- Set this flow variable to indicate the response has been set -->
  <AssignVariable>
    <Name>flowResponse.ready</Name>
    <Value>true</Value>
  </AssignVariable>
</AssignMessage>
Does this work for you?
And here's a snap of the Trace UI showing this actually working:
Thanks for replying, @Dino. Yes, it should work. Variable names in my flow are different and changing "&scope". Also, thank you a bunch for sharing the slides/code on generating JWT using JOSE4J from the conference. Sorry I missed it.
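An added example, not part of the thread and not Apigee's own code: the AssignMessage above places request.formparam.scope into the Location header as received, so this JavaScript function builds the same redirect target by plain string concatenation, keeping the registered redirect URI verbatim (http URL or urn:ietf:wg:oauth:2.0:oob) and percent-encoding every parameter value. The name buildAuthzRedirect, its parameters and the sample values are assumptions made for the illustration.

```javascript
// Added example; buildAuthzRedirect and the sample inputs are hypothetical.

// Characters that must never appear in the registered redirect URI:
// control characters and whitespace (CR/LF would split the header)
// and '#', since a fragment would swallow the appended query string.
const UNSAFE_IN_REDIRECT_URI = /[\u0000-\u0020\u007f#]/;

function buildAuthzRedirect(redirectUri, params) {
  if (typeof redirectUri !== 'string' || redirectUri === '' ||
      UNSAFE_IN_REDIRECT_URI.test(redirectUri)) {
    throw new Error('redirect_uri is empty or contains whitespace, control characters or a fragment');
  }

  // Percent-encode names and values so that a scope or state value
  // containing '&', '=', spaces or CR/LF cannot add parameters or headers.
  const pairs = [];
  for (const [name, value] of Object.entries(params)) {
    if (value === undefined || value === null || value === '') continue;
    pairs.push(encodeURIComponent(name) + '=' + encodeURIComponent(String(value)));
  }
  if (pairs.length === 0) return redirectUri;

  // The redirect URI is treated as an opaque string: no URL parser is
  // involved, so a URN is appended to exactly like an http URL.
  let separator = '?';
  if (redirectUri.endsWith('?') || redirectUri.endsWith('&')) {
    separator = '';
  } else if (redirectUri.includes('?')) {
    separator = '&';
  }
  return redirectUri + separator + pairs.join('&');
}

// Constructed sample inputs matching the values shown in the question.
const oobLocation = buildAuthzRedirect('urn:ietf:wg:oauth:2.0:oob',
  { code: 'abc', scope: '123', state: 'xyz' });
const httpLocation = buildAuthzRedirect('http://localhost:8000/callback',
  { code: 'abc', scope: 'read write', state: 'x&code=evil' });

console.log(oobLocation);
console.log(httpLocation);
```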