I am able to generate an Auth Code, but the problem is that it does not expire in the specified time, which is mentioned in the <ExpiresIn> tag.
Here is my OAuthV2 policy:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 async="false" continueOnError="true" enabled="true" name="Generate-Authorization-Code">
    <DisplayName>Generate Authorization Code</DisplayName>
    <Operation>GenerateAuthorizationCode</Operation>
    <ClientId>clientId</ClientId>
    <RedirectUri>redirectUrl</RedirectUri>
    <ResponseType>code</ResponseType>
    <Scope>scope</Scope>
    <!--<GenerateResponse enabled="true"/>-->
    <ExpiresIn>10000</ExpiresIn>
</OAuthV2>

I expect the code generated to expire in 10 secs, but it does not. I have checked even after 10 mins, however, it was still not expired.
And here is how I was trying to access auth code info:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<GetOAuthV2Info async="false" continueOnError="false" enabled="true" name="Get-Auth-Code-Info">
    <DisplayName>Get Auth Code Info</DisplayName>
    <AuthorizationCode ref="authCode"/>
</GetOAuthV2Info>

I have even checked the failed flag, which was set to false.
Any help would be appreciated.
I am also facing a similar issue. Can someone help me out, please?
Let me look into it.
Hmm, I just tested this and here's what I found:
GenerateAccessToken is working for me as expected. If I set expiry on the code, then the generated code expires as expected, and OAuthV2/GenerateAccessToken using that code will fail appropriately.
I cannot imagine what might be happening with your organization / environment. If you have an Apigee support contract then I suggest you contact Apigee support to request diagnosis on this.
It could be that you are expecting GetOAuthV2Info to fail when inquiring about an expired code. And that may not be a documented behavior.
The "expiry" of the code means it will not be redeemable for a token. After the expiry, the code might still be in the keystore, and queryable with GetOAuthV2Info, even though it would not be usable for obtaining a token via OAuthV2/GenerateAccessToken.
Thanks @Dino-at-Google, thanks for your time!
By the way, the operation is GenerateAuthorizationCode and not token. And how do you check for AuthCode expiry? @Dino-at-Google
I don't "check" for expiry. Instead I use GenerateAccessToken with the code. If the code is expired, then the OAuthV2/GenerateAccessToken will throw a fault and the client gets a fault message like "invalid authorization code". If the code is not expired then the OAuthV2/GenerateAccessToken will succeed and the client will receive a token.
In this way, the expiry is checked _implicitly_.
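The redemption step described in the answer above, as an added example that is not part of the original thread: an OAuthV2 policy with the GenerateAccessToken operation for the authorization_code grant, which is where the code's expiry is enforced. The policy name, the form-parameter locations and the token lifetime are assumptions; `continueOnError` is `false` so that an expired or invalid code reaches the client as a fault instead of being swallowed by the flow.

```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Added example. Policy name is hypothetical. -->
<!-- continueOnError="false": a failed redemption (for example an expired
     authorization code) stops the flow and raises a fault. With "true",
     the flow would continue past the failure. -->
<OAuthV2 async="false" continueOnError="false" enabled="true" name="Redeem-Authorization-Code">
    <DisplayName>Redeem Authorization Code</DisplayName>
    <Operation>GenerateAccessToken</Operation>
    <!-- Only the authorization_code grant is accepted by this policy. -->
    <SupportedGrantTypes>
        <GrantType>authorization_code</GrantType>
    </SupportedGrantTypes>
    <!-- Assumed request layout: form-encoded POST body carrying
         grant_type, code and redirect_uri. -->
    <GrantType>request.formparam.grant_type</GrantType>
    <Code>request.formparam.code</Code>
    <RedirectUri>request.formparam.redirect_uri</RedirectUri>
    <!-- Lifetime of the issued access token in milliseconds (sample value).
         This is separate from the <ExpiresIn> on the
         GenerateAuthorizationCode policy, which bounds how long the code
         stays redeemable. -->
    <ExpiresIn>1800000</ExpiresIn>
    <GenerateResponse enabled="true"/>
</OAuthV2>
```

To confirm the 10-second window from the question, send a code to the flow containing this policy once before and once after the window has passed; only the first request should return a token.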