OAuthV2 - Set Custom Attribute with the authorization Code

I need to set a custom attribute at the time of the authorization code generation. I used the OAuthV2 policy and added the attribute in that policy, but it is not working.

I also tried with the SetOAuthV2Info policy, but it is not working. I am passing the custom attribute as a request body parameter, which I am trying to retrieve using the GetAuthCodeAttributes policy by passing the Bearer access token in the header as Authorization. Can anyone suggest where and what I am doing wrong? The policies used are mentioned below.

OA-GenerateAuthorizationCode Policy


<?xml version="1.0" encoding="UTF-8" standalone="yes"?> OA-GenerateAuthorizationCode false GenerateAuthorizationCode request.formparam.client_id request.formparam.response_type request.formparam.scope request.formparam.redirect_uri request.formparam.userId 1800000

Policy - OA-GetAuthCodeAttributes


<?xml version="1.0" encoding="UTF-8" standalone="yes"?> OA-GetAuthCodeAttributes

email
given_name
family_name

I also tried with the SetOAuthV2Info policy, which is below -


<?xml version="1.0" encoding="UTF-8" standalone="yes"?> OA-SetOAuthV2Info

Hello @RejeevChaturvedi,

<Attribute name="email" display="true" ref="email"/>
<Attribute name="given_name" display="true" ref="given_name"/>
<Attribute name="family_name" display="true" ref="family_name"/>

Do you have an AssignMessage policy that sets the email, given_name and family_name flow variables?

You mentioned that you are passing these values in the request payload as form parameters (application/x-www-form-urlencoded); if that is the case and you don’t have an AssignMessage policy, then it should be as shown below:

<Attribute name="email" display="true" ref="request.formparam.email"/>
<Attribute name="given_name" display="true" ref="request.formparam.given_name"/>
<Attribute name="family_name" display="true" ref="request.formparam.family_name"/>

What do you see in trace when you generate the token? Are those variables populated as you expect?

@Carlos Eberhardt

Yes, all context variables (email, given_name and family_name) are populated when checked in the TRACE.
Any suggestion where these variables are stored in the Apigee platform? I checked in the Dev Apps - Custom Attribute in the Edge, but these are not stored in the Custom Attribute. I am not getting any error when setting them either way - directly in the OAuthV2 policy or using the SetOAuthV2Info policy.

When trying to retrieve using the GetOAuthV2Info policy, it throws the error - not valid authorization_code. In the GetOAuthV2Info policy, I am passing ‘Bearer AccessTokenValue’ in the header as ‘Authorization’, which I got using the authorization_code.

Please let me know what I am missing. Is anything extra needed apart from the above-mentioned details?

@swilliams I tried both ways: directly putting the values as request.formparam.email, and also using Assign Message with context variables.

Yes, the variables are populated. I checked in the TRACE.

I retrieve all Request Body parameters in the Extract Variable policy and used these variables in my - OA-GenerateAuthorizationCode policy. I cross checked in the TRACE, all variables are populated.

Done, it is working fine.

After the OA-GetAuthCodeAttributes policy, you need to use an Assign Message policy that retrieves the variables provided by the OA-GetAuthCodeAttributes policy, like -

oauthv2authcode.{policy_name}.state

oauthv2authcode.{policy_name}.scope

oauthv2authcode.{policy_name}.id

oauthv2authcode.{policy_name}.{auth_code_custom_attribute_name}

The final Assign Message policy after OA-GetAuthCodeAttributes policy in the flow is like -

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> AM-CustomAttributeAuthCodeResponse {

"email":"@oauthv2authcode.OA-GetAuthCodeAttributes.email#",
"given_name":"@oauthv2authcode.OA-GetAuthCodeAttributes.given_name#",
"family_name":"@oauthv2authcode.OA-GetAuthCodeAttributes.family_name#"
}


true

No need for SetAuthCodeAttributes policy.

Changes in GenerateAuthorizationCode policy

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> OA-GenerateAuthorizationCode false GenerateAuthorizationCode request.formparam.client_id request.formparam.response_type request.formparam.scope request.formparam.redirect_uri request.formparam.userId 1800000

converted this comment to answer so others can see it as the answer. :wink:

above code

I converted your answer into code to make it clear for us

After the OA-GetAuthCodeAttributes policy, you need to use an Assign Message policy that retrieves the variables provided by the OA-GetAuthCodeAttributes policy, like -

	oauthv2authcode.{policy_name}.state
	oauthv2authcode.{policy_name}.scope
	oauthv2authcode.{policy_name}.id
	oauthv2authcode.{policy_name}.{auth_code_custom_attribute_name}

The final Assign Message policy after OA-GetAuthCodeAttributes policy in the flow is like -

<?xml version="1.0" encoding="UTF-8"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="AM-CustomAttributeAuthCodeResponse">
   <DisplayName>AM-CustomAttributeAuthCodeResponse</DisplayName>
   <Set>
      <Payload contentType="application/json" variablePrefix="@" variableSuffix="#">{ 
	"email":"@oauthv2authcode.OA-GetAuthCodeAttributes.email#",
	"given_name":"@oauthv2authcode.OA-GetAuthCodeAttributes.given_name#",
	"family_name":"@oauthv2authcode.OA-GetAuthCodeAttributes.family_name#"
	}</Payload>
   </Set>
   <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
   <AssignTo createNew="false" transport="http" type="request" />
</AssignMessage>

No need for SetAuthCodeAttributes policy.

Changes in GenerateAuthorizationCode policy

<?xml version="1.0" encoding="UTF-8"?>
<OAuthV2 name="OA-GenerateAuthorizationCode">
   <DisplayName>OA-GenerateAuthorizationCode</DisplayName>
   <ExternalAuthorization>false</ExternalAuthorization>
   <Operation>GenerateAuthorizationCode</Operation>
   <ClientId>request.formparam.client_id</ClientId>
   <ResponseType>request.formparam.response_type</ResponseType>
   <Scope>request.formparam.scope</Scope>
   <RedirectUri>request.formparam.redirect_uri</RedirectUri>
   <UserName>request.formparam.userId</UserName>
   <ExpiresIn>1800000</ExpiresIn>
   <!-- Adding user info below into the Custom Attribute in the Apigee Edge -->
   <SupportedGrantTypes />
   <Attributes>
      <Attribute name="email" display="true" ref="request.formparam.email" />
      <Attribute name="given_name" display="true" ref="request.formparam.given_name" />
      <Attribute name="family_name" display="true" ref="request.formparam.family_name" />
   </Attributes>
   <Tokens />
</OAuthV2>
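
For reference, a sketch of the lookup side described in the answer above, as an added example that is not taken from the original posts: `GetOAuthV2Info` fills the `oauthv2authcode.{policy_name}.*` variables only when it is handed the authorization code itself, while a lookup by access token fills the separate `oauthv2accesstoken.{policy_name}.*` namespace. The `ref` sources (`request.queryparam.code`, `request.queryparam.access_token`) and the second policy name are assumptions.

```xml
<!-- Policy 1: look up an authorization code.
     Input must be the code returned by OA-GenerateAuthorizationCode,
     not a Bearer access token.
     request.queryparam.code is an assumed location for the code. -->
<GetOAuthV2Info name="OA-GetAuthCodeAttributes">
   <AuthorizationCode ref="request.queryparam.code" />
</GetOAuthV2Info>
<!-- Variables set on success:
       oauthv2authcode.OA-GetAuthCodeAttributes.state
       oauthv2authcode.OA-GetAuthCodeAttributes.scope
       oauthv2authcode.OA-GetAuthCodeAttributes.id
       oauthv2authcode.OA-GetAuthCodeAttributes.email
       oauthv2authcode.OA-GetAuthCodeAttributes.given_name
       oauthv2authcode.OA-GetAuthCodeAttributes.family_name -->

<!-- Policy 2 (hypothetical name): look up an access token instead.
     The ref must resolve to the bare token value, so a leading
     "Bearer " from the Authorization header has to be stripped first.
     request.queryparam.access_token is an assumed location. -->
<GetOAuthV2Info name="OA-GetAccessTokenAttributes">
   <AccessToken ref="request.queryparam.access_token" />
</GetOAuthV2Info>
<!-- Variables set on success use a different prefix:
       oauthv2accesstoken.OA-GetAccessTokenAttributes.scope
       oauthv2accesstoken.OA-GetAccessTokenAttributes.{custom_attribute_name} -->
```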