Passing OAuth Bear token to subsequent call

Hi,

I have a requirement where I need to pass a Bear token to a subsequent call. I implemented the solution but am looking for a better solution from experts.

The solution which I implemented is to get the Bear token: I used an SC policy and hardcoded the username, password and grant_type, then extracted the token from the response payload.

Then I used AM to set the Authorization header and send the payload to the target endpoint.

This solution is working fine at this moment. Please suggest if there is any better way to achieve the requirement.

3 ACCEPTED SOLUTIONS

First thing, there is a difference between a Bear and a Bearer Token.  The former is a large omnivorous mammal, and the latter is an object that you can use within the OAuth2.x API authorization framework. 

OK, just kidding around.

What you're doing is fine - a ServiceCallout to send credentials to an endpoint, and then ExtractVariables to extract the token from the response, and then an AssignMessage to embed the access token into the outbound request.  A suggestion for improvement (you may have already considered this): use caching of the access token so that you don't obtain a new token for every outbound request.  The sequence will be

  • a LookupCache (for the token)
  • If no token then
    • ServiceCallout to request token 
    • ExtractVariables to extract token from response
    • PopulateCache to stuff the retrieved access_token into cache
  • AssignMessage to assign the retrieved token into the outbound request. 

Last thing.  I have said this repeatedly in many places, but I'll say it again here.  This line within an AssignMessage does nothing: 

  <AssignTo createNew='false' transport='http' type='request'/>

I suggest that you remove it.

If you run your API proxy bundle through Apigeelint, it will give you a warning about this. 

Hi Dino,

Yeah, I had not realized. It's a Bearer token. I am trying to implement caching. A few things are not clear to me from the Apigee documentation regarding <CacheKey>, <KeyFragment> and what value goes under <CacheResource>. It looks like I am caching the complete response from SC. Is it possible to cache only the access_token from the response JSON?

Currently I am passing the extracted value to <KeyFragment>access_token</KeyFragment> under lookup and populate cache.

You can omit the CacheResource element. 

Here's an example of "wrapping a cache" around a token retrieved with ServiceCallout. 

https://github.com/DinoChiesa/Apigee-GCP-Logging-Example/blob/main/bundles/gcp-logging/apiproxy/prox... 

Hi Dino,

I have gone through the videos which you shared on YouTube and implemented the cache. I am testing it. Will let you know the results.
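
The caching sequence from the accepted answer, written out as Apigee policy fragments (each policy element goes in its own policy file, the Steps in the proxy flow). This is an added example, not part of the original thread or the linked repository; the policy names, the `upstream_token` variable, the `tokenResponse` ServiceCallout response variable, the `SC-GetToken` policy and the timeout value are assumptions.

```xml
<!-- LookupCache: the KeyFragment is a fixed label for the entry, not the token value -->
<LookupCache name="LC-Token">
  <CacheKey><KeyFragment>upstream-access-token</KeyFragment></CacheKey>
  <Scope>Application</Scope>
  <AssignTo>upstream_token</AssignTo>
</LookupCache>

<!-- ExtractVariables: reads the ServiceCallout response (assumed variable: tokenResponse) -->
<ExtractVariables name="EV-Token">
  <Source>tokenResponse</Source>
  <JSONPayload>
    <Variable name="upstream_token">
      <JSONPath>$.access_token</JSONPath>
    </Variable>
  </JSONPayload>
</ExtractVariables>

<!-- PopulateCache: same CacheKey and Scope as the lookup. Source names the variable
     that holds only the token, so the full token response is never cached. -->
<PopulateCache name="PC-Token">
  <CacheKey><KeyFragment>upstream-access-token</KeyFragment></CacheKey>
  <Scope>Application</Scope>
  <ExpirySettings>
    <!-- constructed value: keep it below the token's expires_in -->
    <TimeoutInSeconds>1500</TimeoutInSeconds>
  </ExpirySettings>
  <Source>upstream_token</Source>
</PopulateCache>

<!-- AssignMessage: sets the header on the outbound request; no AssignTo element -->
<AssignMessage name="AM-Set-Auth">
  <Set>
    <Headers>
      <Header name="Authorization">Bearer {upstream_token}</Header>
    </Headers>
  </Set>
</AssignMessage>

<!-- Flow steps: the token request, extraction and cache write run only on a cache miss -->
<Step><Name>LC-Token</Name></Step>
<Step><Name>SC-GetToken</Name><Condition>lookupcache.LC-Token.cachehit = false</Condition></Step>
<Step><Name>EV-Token</Name><Condition>lookupcache.LC-Token.cachehit = false</Condition></Step>
<Step><Name>PC-Token</Name><Condition>lookupcache.LC-Token.cachehit = false</Condition></Step>
<Step><Name>AM-Set-Auth</Name></Step>
```

Putting the token itself in the KeyFragment would give every new token a different cache key, so the lookup would never hit; a cache timeout longer than the token lifetime would hand expired tokens to the target.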