Validate request input against a custom app attribute

anonymous · February 10, 2020, 10:58pm

I’m using OAuthV2 to validate app access, but I want to also check an input in the request body against a Custom App Attribute containing a string with a delimited list of valid inputs. If there is a match, allow the request to go through. If there isn’t, then fail with a message similar to “Access to {invalidInput} is not allowed.”

We’re not using APIKeys, so I think the VerifyAPIKey policy is useless as the gateway to reading the Custom App Attribute in my case.

There is a JavaScript policy for other request input validations and I think comparing the request input to the Custom App Attribute will be easy enough in that policy, I just don’t see how to read the Custom App Attribute within the JavaScript.

anonymous · February 11, 2020, 6:13am

I guess you would get the Custom App Attribute after OAuth policy. To get that in Javascript policy you can use flow variables,

var cust_app_attribute = context.getVariable('app.{custom_attributes_name}'); //A named custom attribute of the registered client app.

https://docs.apigee.com/api-platform/reference/policies/oauthv2-policy#flowvariables

https://docs.apigee.com/api-platform/reference/policies/javascript-policy#flowvariables

anonymous · February 13, 2020, 3:46pm

This did the trick. Thank you!

Topic		Replies	Views
Looking for single method to access app.{custom attribute} for both oAuth and APIKey access apps. Apigee api-runtime	6	3	February 27, 2015
How to pull in a Custom Attribute to your output? Apigee api-runtime	13	24	August 4, 2015
What is the significance of custom attributes of a Product and App? Apigee api-runtime	8	7	July 27, 2016

Validate request input against a custom app attribute

AI Suggested topics