How do I compare the state attribute in my token to the query param in the request?

anonymous · July 3, 2019, 5:32am

I have the ff. Request to save a state on token creation\

/token?grant_type=client_credentials&scope=all&state=Unused

It’s just that I want to know if my token has the same state as the one being looked up for by the request as I will be using the state of the token to determine whether if the token has already been used or not. I’m using the ff. conditions, and it doesn’t seem to determine whatever value is the value of state in my token.

<Step>
 <Condition>
(request.queryparam.state NotEquals accesstoken.state)
</Condition>
<Name>RF-TokenAlreadyUsed</Name>  
</Step>

anonymous · July 3, 2019, 7:50am

Turns out I was using the state wrong. A state should function like this as stated in this thread.

https://stackoverflow.com/questions/26132066/what-is-the-purpose-of-the-state-parameter-in-oauth-authorization-request

So in order for me to be able to do what I want to do is that I should add another attribute to the token so that I would know if the token is already used or not. It’s not that I havent done a similar thing before using an attribute, rather I thought the use of state is for token accessibility.

Topic		Replies	Views
Authorize a request by comparing a token attribute with a request attribute Apigee api-runtime	2	3	March 28, 2017
Oauth2 state persistency Apigee api-runtime	4	21	November 4, 2016
Implicit Token token_type & state are not available Apigee api-runtime	7	1	July 13, 2015

​How do I compare the state attribute in my token to the query param in the request?

AI Suggested topics

How do I compare the state attribute in my token to the query param in the request?