retrieve custom attribute from oAuth2 access token

sjm2000
Participant V

Dear All,

I am setting custom values in oAuth2 flow using authorization code grant type .

The variables are set at time of generation oAuth2 code


Step 1

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><OAuthV2 enabled="true" continueOnError="false" async="false" name="GenerateAuthorizationCode">  <FaultRules/>  <Properties/>  <State>request.queryparam.state</State>  <Operation>GenerateAuthorizationCode</Operation>  <Attributes>  <Attribute name="tenant.client_id" ref="request.queryparam.client_id"/>  <Attribute name="tenant.response_type" ref="request.queryparam.response_type"/>  <Attribute name="tenant.scope" ref="request.queryparam.scope"/>  <Attribute name="tenant.state" ref="request.queryparam.state"/>  <Attribute name="tenant.userid" ref="request.queryparam.userid"/>  <Attribute name="tenant.customerid" ref="request.queryparam.customerid"/>  </Attributes>  <GenerateResponse/></OAuthV2>

After the above the below policy is executed at the time of token generation.

Step 2

<OAuthV2 name="GenerateAccessToken">  <FaultRules/>  <Properties/>  <!--<ExpiresIn>-1</ExpiresIn>  <RefreshTokenExpiresIn>-1</RefreshTokenExpiresIn>-->  <ExpiresIn>7776000000</ExpiresIn>  <!--7776000000 is 3 months only , not infinite-->  <RefreshTokenExpiresIn>7776000000</RefreshTokenExpiresIn>  <ReuseRefreshToken>true</ReuseRefreshToken>  <SupportedGrantTypes>  <GrantType>authorization_code</GrantType>  </SupportedGrantTypes>  <GenerateResponse/></OAuthV2>

After 5 minutes , i am trying to execute GetoAuth2 Info policy by passing the access token .

Step 3.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><GetOAuthV2Info async="false" continueOnError="false" enabled="true" name="GetOAuthv20Info">  <AccessToken ref="request.queryparam.access_token"/>  <IgnoreAccessTokenStatus>true</IgnoreAccessTokenStatus></GetOAuthV2Info>

however i am not receiving any of the custom variables like tenant.userid or tenant.customerid in the flow of step 3.

Can anyone give me pointers to solution?

Regards

Solved Solved
0 4 1,215
2 ACCEPTED SOLUTIONS

When you use auth_code and put the custom attr > it will migrate and will be attached to access_token aswell.

To get it, you will need to use this syntax:

accesstoken.{custom_attribute}

accesstoken.tenant.customerid

See the docs also for future reference:

https://docs.apigee.com/api-platform/security/oauth/customizing-access-tokens#gettingcustomattribute...

View solution in original post

sillan_dt
Participant IV

Do the token validation in proxy and once the token is validated, all the custom attributes will be available in the flow.

View solution in original post

4 REPLIES 4

When you use auth_code and put the custom attr > it will migrate and will be attached to access_token aswell.

To get it, you will need to use this syntax:

accesstoken.{custom_attribute}

accesstoken.tenant.customerid

See the docs also for future reference:

https://docs.apigee.com/api-platform/security/oauth/customizing-access-tokens#gettingcustomattribute...

accesstoken.tenant.customerid 

is not having any value in the third step. Its really confusing .

I agree, me too not getting any value after I do like below (in JS code) :

var abc = context.getVariable("accesstoken.token_issued_at");

or

var abc = context.getVariable("accesstoken.{token_issued_at}");

 

Can you please check once @Denis_KALITVI @sjm2000 @dchiesa1 . Any help will be appreciated.

sillan_dt
Participant IV

Do the token validation in proxy and once the token is validated, all the custom attributes will be available in the flow.