Trying to do a test using basic auth to access Apigee Edge API Proxy and found after successfully verify api key the variable verifyapikey.VerifyAPIKey.client_secret value is blank. Here is the policy I'm using in PreFlow:
<Step>
<Name>verify-api-key</Name>
</Step>
According to following link after VerifyApiKey policy executed successfully the variable verifyapikey.VerifyAPIKey.client_secret value is blank when I using trace:
https://community.apigee.com/questions/19248/can-you-validate-client-key-and-secret-without-gen.html
Any suggestions? Thanks.
After verify-api-key step, I have following step, which catched the mismatch:
<Step> <Condition>verifyapikey.VerifyAPIKey.client_secret != request.queryparam.password</Condition> <Name>RaiseFault-SecretMismatch</Name> </Step>
Have some additional findings, if I remove the Condition step, actual in the next step I can see the flow variables populated correctly. Now the issue looks like related to the way how to add the Condition step, should this be wrapped in a policy in order for it to use the flow variables?
Found the issue, in Condition the variable name need to be surrounded by {...}, found this when reading https://community.apigee.com/questions/34852/apikey-from-oauth-for-use-in-separate-proxy-with-s.html <Step> <Condition>{verifyapikey.VerifyAPIKey.client_secret} != {request.header.password}</Condition> <Name>RaiseFault-SecretMismatch</Name> </Step>
That seems surprising. But I'm glad you got it sorted!