We use OPDK 4.17.01.
Please tell me about hashing of access tokens.
I tried the following, but the Set OAuth V2 Info policy failed.
The setting contents are as follows.
features.isOAuthTokenHashingEnabled = true
features.OAuthTokenHashingAlgorithm = SHA512
The error message is as follows (status code 500 error).
{"fault":{"faultstring":"Invalid Access Token","detail":{"errorcode":"keymanagement.service.invalid_access_token"}}}
What is the cause?
Do you need the following settings?
features.isOAuthTokenFallbackHashingEnabled = true
features.OAuthTokenFallbackHashingAlgorithm = SHA1 | SHA256 | SHA384 | SHA512 | PLAIN
Hi Tomoya,
Can you check if the Access Token you passed to the policy is not the hashed one?
It should be the original token returned initially by the request that generated the token.
Also please check with the management API 'Get OAuth 2.0 Access Token' that the token is valid.
https://apidocs.apigee.com/management/apis/get/organizations/%7Borg_name%7D/oauth2/accesstokens/%7Ba...
Thanks,
Toshi
Please advise because it is not solved.
Hi Tomoya,
To the point you mentioned in the question regarding the configuration:
features.isOAuthTokenFallbackHashingEnabled = true
features.OAuthTokenFallbackHashingAlgorithm = SHA1 | SHA256 | SHA384 | SHA512 | PLAIN
Only if features.OAuthTokenFallbackHashingAlgorithm is PLAIN is the stored hashed token valid, since the digest (plain) of the passed token, taken as is, just matches the hashed token.
Otherwise only the original token without being hashed is valid.
Can you please check whether this matches the result of your tests?
Thanks,
Toshi
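The lookup behaviour described in the answer above, as an added example that is not part of the original thread and is not Apigee's implementation: a simplified model in which the presented token is digested with the primary algorithm and then the fallback, and compared against the stored values. The names `TokenStore`, `digest` and `demo`, the hex encoding and the in-memory store are assumptions made for illustration.

```python
import hashlib
from typing import Optional

# Simplified model, not Apigee's code: hex digests and an in-memory set stand
# in for the real token store and its encoding (both are assumptions).
ALGORITHMS = {"SHA1", "SHA256", "SHA384", "SHA512", "PLAIN"}


def digest(token: str, algorithm: str) -> str:
    """Return the lookup key for a presented token under one algorithm."""
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    if algorithm == "PLAIN":
        return token  # no transformation: the presented value is compared as is
    return hashlib.new(algorithm.lower(), token.encode()).hexdigest()


class TokenStore:
    def __init__(self, primary: str, fallback: Optional[str] = None):
        self.primary, self.fallback = primary, fallback
        self._keys = set()

    def issue(self, token: str) -> str:
        """Persist only the primary digest and return the stored value."""
        key = digest(token, self.primary)
        self._keys.add(key)
        return key

    def is_valid(self, presented: str) -> bool:
        """Try the primary algorithm, then the fallback if one is configured."""
        candidates = [self.primary] + ([self.fallback] if self.fallback else [])
        return any(digest(presented, alg) in self._keys for alg in candidates)


def demo() -> dict:
    """Map each fallback setting to (original accepted, stored hash accepted)."""
    original = "constructed-sample-token"  # constructed value, not a real token
    results = {}
    for fallback in (None, "SHA256", "PLAIN"):
        store = TokenStore("SHA512", fallback)
        stored = store.issue(original)
        results[fallback] = (store.is_valid(original), store.is_valid(stored))
    return results


if __name__ == "__main__":
    for fallback, (orig_ok, hashed_ok) in demo().items():
        print(f"fallback={fallback}: original={orig_ok} stored_hash={hashed_ok}")
```

In this model a PLAIN fallback makes the stored value itself an accepted token, so anyone who can read the token store holds usable credentials. With any other fallback only the original token validates.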
Hi Toshi, Thanks for your comment.
Following the advice, I solved it by specifying PLAIN.
Thank you very much.