Fault handling for different errors

Google Cloud Apigee
1

I have setup following error handling for different scenarios. Really finding it difficult to to check exact fault.cause:

How to differentiate between invalid “client id” and invalid “client secret”?

 <FaultRules>
        <FaultRule name="Unhandled Error">
            <Condition>(flow.myapi.error.message = null)</Condition>
            <Step>
                <Name>Error.Unhandled</Name>
            </Step>
        </FaultRule>
        <FaultRule name="Invalid Client Id">
            <Condition>(oauthV2.GenerateAuthorizationCode.fault.cause = "invalid_request" or 
            oauthV2.AccessTokenRequest.fault.cause = "invalid_client" or 
            oauthV2.AccessTokenRefresh.fault.cause = "invalid_client")</Condition>
            <Step>
                <Name>Error.InvalidClientId</Name>
            </Step>
        </FaultRule>
        <FaultRule name="Invalid Client Secrect">
            <Condition>(oauthV2.GenerateAuthorizationCode.fault.cause = "what error")</Condition>
            <Step>
                <Name>Error.InvalidClientSecrect</Name>
            </Step>
        </FaultRule>
        <FaultRule name="Invalid Auth code">
            <Condition>(oauthV2.AccessTokenRequest.fault.cause  = "Invalid Authorization Code")</Condition>
            <Step>
                <Name>Error.InvalidAuthCode</Name>
            </Step>
        </FaultRule>
        <FaultRule name="Expired Auth code">
            <Condition>(oauthV2.AccessTokenRequest.fault.cause  = "Authorization Code Expired")</Condition>
            <Step>
                <Name>Error.ExpiredAuthCode</Name>
            </Step>
        </FaultRule>
        <FaultRule name="Invalid Refresh Token">
            <Condition>(oauthV2.AccessTokenRefresh.fault.cause = "Invalid Refresh Token")</Condition>
            <Step>
                <Name>Error.InvalidRefreshToken</Name>
            </Step>
        </FaultRule>
        <FaultRule name="Expired Refresh Token">
            <Condition>(oauthV2.AccessTokenRefresh.fault.cause = "Refresh Token expired")</Condition>
            <Step>
                <Name>Error.ExpiredRefreshToken</Name>
            </Step>
        </FaultRule>
    </FaultRules>

Where can i find all possible fault.cause ?

2

Here is a list of error codes the policies can return:

http://docs.apigee.com/api-services/content/error-code-reference

I don’t see that it differentiates between invalid client id/secret. There is a generic Invalid Parameter for the OAuth policy.

1 Like
3

Using this framework, you can provide your own fault name and check for that in the fault rule.

In this case, you can check for apikey and secret and depending on the invalid check, populate fault name. Then in fault rule, you can check for this condition and provide appropriate error code and message at a granular level.