Reputation: 23
I configured a simple API with Apigee with OAuth2 authorization. In my API I use a custom ID to separate different clients. To be able to retrieve this custom ID in my API I created a custom attribute in the developer App named "Tenant".
My OAuth policy is pretty simple:
<OAuthV2 async="false" continueOnError="false" enabled="true" name="ValidateOAuth">
    <DisplayName>ValidateOAuth</DisplayName>
    <FaultRules/>
    <Properties/>
    <Attributes />
    <ExternalAuthorization>false</ExternalAuthorization>
    <Operation>VerifyAccessToken</Operation>
    <SupportedGrantTypes/>
    <Tokens/>
</OAuthV2>
I created a conditional flow to apply this authorization when the user doesn't use a public URL of my API:
<Flow name="Authorize">
    <Description/>
    <Request>
        <Step>
            <FaultRules/>
            <Name>ValidateOAuth</Name>
        </Step>
    </Request>
    <Response>
        <Step>
            <FaultRules/>
            <Name>EchoTenant</Name>
        </Step>
    </Response>
    <Condition>request.uri !~~ ".+(widget|tracker).+"</Condition>
</Flow>
In the response I prepared an Assign Message policy to add my tenantId to the header (where xxx needs to be replaced with the correct variable):
<AssignMessage async="false" continueOnError="false" enabled="true" name="EchoTenant">
    <AssignTo createNew="false" type="response"></AssignTo>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <Set>
        <Headers>
            <Header name="X-Tenant">xxx</Header>
        </Headers>
    </Set>
</AssignMessage>
In the docs I saw an example that retrieves a developer attribute like email with two more policies: AccessEntity and ExtractVariables. I tried to use them but without success... In my case I don't have access to the API key, I only have an access token, I think? Is it possible to retrieve my custom app attribute with the access token?
In this discussion, Mike Dunker wrote:
It really depends on the information you have at the time the proxy is running. If you are using OAuth or API key validation (via the OAuthV2 and VerifyAPIKey policies), the custom attributes are automatically populated after the token or API key is validated. In practice I find that I rarely need to call AccessEntity.
I tried to use the trace tool to see the information sent after successful authorization, but I didn't see my Tenant ID. Maybe there is a better solution for my problem. Thanks for your help!
Upvotes: 0
Views: 1870
Reputation: 606
Use VerifyAccessToken to validate your OAuth token. After VerifyAccessToken, try accessing app.{custom_attribute_name}. You may not see this value in the trace tool, as there are many dozens of variables that are populated from VerifyAccessToken.
If you don't need VerifyAccessToken in your flow (in most cases you will), there is also GetOAuthV2Info, which does the same (more info here). The variable will be oauthv2client.{policy_name}.{custom_attribute_name}.
Upvotes: 1
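Applying the answer's variable name to the asker's EchoTenant policy, as an added example that is not part of the original post. It assumes the developer-app attribute is named exactly "Tenant" (as in the question) and that ValidateOAuth has already run in the same flow; it also turns IgnoreUnresolvedVariables off so that an app missing the attribute fails loudly instead of sending an empty header.

```xml
<!-- Added example, not from the original post. Replaces the "xxx" placeholder
     with the app attribute that VerifyAccessToken populates after validating
     the token. Assumes the attribute on the developer app is named "Tenant". -->
<AssignMessage async="false" continueOnError="false" enabled="true" name="EchoTenant">
    <AssignTo createNew="false" type="response"/>
    <!-- false: if app.Tenant is not set (app registered without the attribute),
         the policy raises steps.assignmessage.UnresolvedVariable instead of
         silently emitting an empty X-Tenant header -->
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <Set>
        <Headers>
            <!-- {app.Tenant} is the app.{custom_attribute_name} form from the answer -->
            <Header name="X-Tenant">{app.Tenant}</Header>
        </Headers>
    </Set>
</AssignMessage>
```

The same {app.Tenant} reference can be used on the request (AssignTo type="request") if the backend, rather than the client, needs to receive the tenant ID.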