Include developer app in response of access token


Using client credentials, the client is hitting Apigee, but how do I include the developer app name in the response?

    curl -X POST \
      "https://{org}-test.apigee.net/oauth/client_credential/accesstoken?grant_type=client_credentials" \
      -d 'client_id={consumer_key}&client_secret={consumer_secret}'

The response is as follows:

    {
      "issued_at" : "1382703699776",
      "application_name" : "8586c7b7-2936-4779-b7a6-97014e436d7d",
      "scope" : "READ",
      "status" : "approved",
      "api_product_list" : "[PremiumWeatherAPI]",
      "expires_in" : "3599",
      "developer.email" : "tesla@weathersample.com",
      "organization_id" : "0",
      "client_id" : "SJOaCEGohSu3vpNswMs5YdBlc2GOAh1J",
      "access_token" : "UAj2yiGAcMZGxfN2DhcUbl9v8WsR",
      "organization_name" : "myorg",
      "refresh_token_expires_in" : "0",
      "refresh_count" : "0"
    }

In the response I also need the developer app name that is associated with that secret and key. How do I include that?


Solution

  • https://{org}-test.apigee.net/oauth/client_credential/accesstoken is a proxy API call, not a management server API call. You have full control over your token response, including adding and removing fields. In fact, I think it is rare when all of the default returned fields make sense.

    Inside the OAuthV2 policy doing the GenerateAccessToken operation, use the following configuration:

    <GenerateResponse enabled="false"/>
    

    After the token has been minted, flow will continue instead of immediately returning. You can then create the response manually using flow variables.

    For example, to return just the access token, the expires_in field, and the application name, you could use the following AssignMessage in your response flow:

    <AssignMessage enabled="true" continueOnError="false" async="false" name="AccessTokenResponseCC">
        <AssignTo createNew="true" transport="http" type="response"/> 
        <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
        <Set>
            <Payload contentType="application/json" variablePrefix="%" variableSuffix="#">
    {
        "access_token":"%oauthv2accesstoken.GenerateToken.access_token#",
        "expires_in":"%oauthv2accesstoken.GenerateToken.expires_in#",
        "app_name":"%apigee.developer.app.name#"
    }
            </Payload>
        </Set>
    </AssignMessage>
    

    where "GenerateToken" is the name of the OAuthV2 policy where the access token was created. In my Apigee cloud org, the variable apigee.developer.app.name is populated after token creation.

    See the OAuth flow variables page for more variables you can use.
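
For context, a complete OAuthV2 policy in which the `<GenerateResponse enabled="false"/>` line would sit, as an added example that is not part of the original answer. The `ExpiresIn` value and reading `grant_type` from the query string (as in the question's curl call) are assumptions:

```xml
<!-- Added example: OAuthV2 policy named "GenerateToken", matching the
     policy name referenced in the AssignMessage payload above. -->
<OAuthV2 name="GenerateToken">
    <Operation>GenerateAccessToken</Operation>
    <!-- Assumed lifetime: 3600000 ms (one hour) -->
    <ExpiresIn>3600000</ExpiresIn>
    <SupportedGrantTypes>
        <GrantType>client_credentials</GrantType>
    </SupportedGrantTypes>
    <!-- Assumed: grant_type is read from the query string, as in the question's curl call -->
    <GrantType>request.queryparam.grant_type</GrantType>
    <!-- Suppress the default token response; a later AssignMessage builds it -->
    <GenerateResponse enabled="false"/>
</OAuthV2>
```

With the default response suppressed, fields from the question's output such as `developer.email` and `organization_name` reach the client only if the AssignMessage payload names them.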