after the service callout successful response, how can i make a request for generating a access token in password grant type

Google Cloud Apigee
1

Hello,
I’m a newbie to Apigee, so any suggestion will be appreciated.

I need to generate an access token after the 3rd party API returns 200 status code,

So i made a simple approach like doing a service callout API that takes a username and password and later after getting the “success” response. Then i created a request payload using Assign Message with my client ID and secret and lastly i used Generate Access token policy.

But i dont know, it throws me back 401.

Here, my service callout action shows up to be “PAUSE” while tracing.

<!-- Token Gen  -->

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OAuthV2 name="GenerateAccessToken">
    <DisplayName>OA-GenerateAccessToken Password</DisplayName>
    <Operation>GenerateAccessToken</Operation>
    <!--<ExternalAccessToken>apigee.access_token</ExternalAccessToken>-->
    <!-- This is in millseconds, so expire in an hour -->
    <ExpiresIn>36000000</ExpiresIn>
    <SupportedGrantTypes>
        <GrantType>password</GrantType>
    </SupportedGrantTypes>
    <GrantType>the.grant_type</GrantType>
    <UserName>token.request.username</UserName>
    <PassWord>token.request.password</PassWord>
    <GenerateResponse enabled="true"/>
    <GenerateErrorResponse enabled="true"/>
</OAuthV2>


<!-- Assign Message Payload for token generation -->

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="AM-generate-token-request">
    <DisplayName>AM-generate token request</DisplayName>
    <Set>
        <Headers>
            <Header name="Content-Type">application/json</Header>
            <Header name="Authorization">Basic REUwR1VWb0ttR045OHFic282ZEdoaDJ3QXVDQTFvVGc6MTg2Y3lTVU9TOFZYTUVmMQ==</Header>
        </Headers>
        <QueryParams>
            <QueryParam name="username">XXXXXXoKmGN98qbso6dGhh2wAuCA1oTg</QueryParam>
        </QueryParams>
        <QueryParams>
            <QueryParam name="password">XXXXXXUOS8VXMEf1</QueryParam>
        </QueryParams>
        <Verb>POST</Verb>
    </Set>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="true" transport="https" type="request">token.request</AssignTo>
</AssignMessage>


<!-- Service Callout -->

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ServiceCallout async="false" continueOnError="false" enabled="true" name="SC-Edge-Market-API">
    <DisplayName>SC Edge Market API</DisplayName>
    <Properties/>
    <Request clearPayload="false" variable="authenticate.request">
        <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    </Request>
    <Response>authenticate.response</Response>
    <HTTPTargetConnection>
        <Properties/>
        <URL>https://edgemarket-prod.apigee.net/v1/users/authenticate</URL>
    </HTTPTargetConnection>
</ServiceCallout>
2

I’m doing all this operation in a single flow (Proxy Endpoint)

3

Hi Shijith,

First of all, please do not share any credentials in your postings ( I obfuscated them ).

I noticed that you are using token.request.username but that variable doesn’t appear to be populated.

You can just use a Service Callout followed by an OAuth GenerateAccessToken. You can build the Service Callout request inline using. Note that I’m using formparams on my initial request.

ServiceCallout async="false" continueOnError="false" enabled="true" name="SC-AuthenticateUser">
    <DisplayName>SC-AuthenticateUser</DisplayName>
    <Properties/>
    <Request clearPayload="false" variable="authenticate.request">
        <Set>
            <Headers>
                <Header name="Content-Type">application/x-www-form-urlencoded</Header>
            </Headers>
            <FormParams>
                <FormParam name="grant_type">{request.formparam.grant_type}</FormParam>
                <FormParam name="username">{request.formparam.username}</FormParam>
                <FormParam name="password">{request.formparam.password}</FormParam>
            </FormParams>
            <Verb>POST</Verb>
            <Path/>
        </Set>
        <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    </Request>
    <Response>authenticate.response</Response>
    <HTTPTargetConnection>
        <Properties/>
        <URL>https://apibaas-trial.apigee.net/kurtkanaskie/sandbox/token</URL>
    </HTTPTargetConnection>
</ServiceCallout>

Then the OAuth policy:

<OAuthV2 async="false" continueOnError="false" enabled="true" name="OA-GenerateAccessToken-Password">
    <DisplayName>OA-GenerateAccessToken Password</DisplayName>
    <Operation>GenerateAccessToken</Operation>
    <ExternalAccessToken>apigee.access_token</ExternalAccessToken>
    <!-- This is in millseconds, so expire in a half hour -->
    <ExpiresIn>1800000</ExpiresIn>
    <!-- This is in millseconds, so expire in an hour -->
    <RefreshTokenExpiresIn>3600000</RefreshTokenExpiresIn>
    <SupportedGrantTypes>
        <GrantType>password</GrantType>
    </SupportedGrantTypes>
    <GrantType>request.formparam.grant_type</GrantType>
    <UserName>request.formparam.username</UserName>
    <PassWord>request.formparam.password</PassWord>
    <GenerateResponse enabled="true"/>
    <GenerateErrorResponse enabled="true"/>
</OAuthV2>

Hope that helps

1 Like
4

@Kurt Kanaskie : Firstly thanks for obfuscating the credentials.
Also yes i got to know where i made the mistake and thanks for your solution. Accepted :slight_smile: