How to customize the response of GenerateAccessToken policy ?

anonymous · February 17, 2015, 11:58pm

By default, the access token that gets returned to the client looks something like this:

{
 "issued_at": "1420262924658",
 "scope": "READ",
 "application_name": "ce1e94a2-9c3e-42fa-a2c6-1ee01815476b",
 "refresh_token_issued_at": "1420262924658",
 "status": "approved",
 "refresh_token_status": "approved",
 "api_product_list": "[PremiumWeatherAPI]",
 "expires_in": "1799",
 "developer.email": "tesla@weathersample.com",
 "organization_id": "0",
 "token_type": "BearerToken",
 "refresh_token": "fYACGW7OCPtCNDEnRSnqFlEgogboFPMm",
 "client_id": "5jUAdGv9pBouF0wOH5keAVI35GBtx3dT",
 "access_token": "2l4IQtZXbn5WBJdL6EF7uenOWRsi",
 "organization_name": "docs",
 "refresh_token_expires_in": "0",
 "refresh_count": "0"
}

Can I change this? Add or remove properties? How?

anonymous · February 18, 2015, 12:01am

If you want to prevent all information from being returned in the response body, you can remove the element from the policy, or set it to false, like so:

<OAuthV2 name='OAuthV2-GenerateAccessToken'>
    <Operation>GenerateAccessToken</Operation>
     ....
    <GenerateResponse enabled='false'/>
</OAuthV2>

With that policy configuration, the policy will not return any response and the access token will be loaded into flow variables (aka context variables). You can then reference the flow variables to build your own response. The names of the flow variables depends on the name of the OAuthV2 policy, eg oauthv2accesstoken.{policy_name}.{variablename}. For the policy named ‘OAuthV2-GenerateAccessToken’, the variables are as follows:

oauthv2accesstoken.OAuthV2-GenerateAccessToken.access_token
oauthv2accesstoken.OAuthV2-GenerateAccessToken.token_type
oauthv2accesstoken.OAuthV2-GenerateAccessToken.expires_in
oauthv2accesstoken.OAuthV2-GenerateAccessToken.refresh_token
oauthv2accesstoken.OAuthV2-GenerateAccessToken.refresh_token_expires_in 
oauthv2accesstoken.OAuthV2-GenerateAccessToken.refresh_token_issued_at
oauthv2accesstoken.OAuthV2-GenerateAccessToken.refresh_token_status

For more information, see the boxed text under ‘GenerateAccessToken’ at the following link. http://apigee.com/docs/api-services/content/oauthv2-policy

Here is an example where the above approach has been implemented : https://github.com/apigee/api-platform-samples/tree/master/sample-proxies/oauth-advanced#howdo

anonymous · March 18, 2015, 4:36am

Alternatively, you can use “ExtractVariable” policy to extract the required values from the “response” flow variable and use “AssignMessage” Policy to create your own payload with the extracted values.

anonymous · May 12, 2015, 2:41pm

I think that this approach has currently an issue, since if there is an error in the OAuth2 policy, no error is raised and there is no easy way, how to catch it.

anonymous · September 20, 2016, 5:38pm

There are two ways that I use:

Use GenerateResponse = false

<OAuthV2 name='OAuthV2-GenerateAccessToken'>
    <Operation>GenerateAccessToken</Operation>
     ....
    <GenerateResponse enabled='false'/>
</OAuthV2>

This sets context variables, such as:

oauthv2accesstoken.OAuthV2-GenerateAccessToken.access_token
oauthv2accesstoken.OAuthV2-GenerateAccessToken.token_type
oauthv2accesstoken.OAuthV2-GenerateAccessToken.expires_in
oauthv2accesstoken.OAuthV2-GenerateAccessToken.refresh_token
oauthv2accesstoken.OAuthV2-GenerateAccessToken.refresh_token_expires_in
oauthv2accesstoken.OAuthV2-GenerateAccessToken.refresh_token_issued_at
oauthv2accesstoken.OAuthV2-GenerateAccessToken.refresh_token_status

…and you can then use an AssignMessage policy to build whatever response you like. For example:

<AssignMessage name="AM-ValidToken">
  <Set>
    <StatusCode>200</StatusCode>
    <ReasonPhrase>OK</ReasonPhrase>
    <Payload contentType="application/json">{
  "success" : true,
  "token" : "{oauthv2accesstoken.OAuthV2-GenerateAccessToken.access_token}"
}
</Payload>
  </Set>
  <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
  <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>

Use a PostFlow step. This will be a JavaScript that modifies what gets sent back.

<OAuthV2 name='OAuthV2-GenerateAccessToken'>
    <Operation>GenerateAccessToken</Operation>
     ....
    <GenerateResponse enabled='true'/>
</OAuthV2>

And then the Javascript step (configure it to run after the GenerateAccessToken) :

<Javascript name='JS-GroomTokenResponse' timeLimit='200' >
  <IncludeURL>jsc://dateFormat.js</IncludeURL>
  <ResourceURL>jsc://groomTokenResponse.js</ResourceURL>
</Javascript>

And the JS code, which might look like this:

var b1 = JSON.parse(response.content),
    propertiesToRemove = ['status', 'refresh_token_status',
                          'token_type', 'organization_name', 'developer.email',
                          'scope', 'refresh_count',
                          'application_name'];

if (b1.access_token) {
  propertiesToRemove.forEach(function(item){
    delete b1[item];
  });

  // pretty-print JSON
  context.setVariable('response.content', JSON.stringify(b1, null, 2) + '\n');
}

Topic		Replies	Views
mask/exclude developer.email,api_product_list values from Oauth access token json response Apigee apigee-general	2	5	November 12, 2018
extract the variable from my JSON payload and using Assign Message policy created a JSON payload so that i can customise my response style Apigee api-runtime	1	7	November 9, 2017
How to code an automatic conversion of an authentication token to refresh token Apigee api-runtime	2	4	May 8, 2018

How to customize the response of GenerateAccessToken policy ?

AI Suggested topics