Tags: encryption, oauth, apigee

Oauth token encryption and hash


Once the OAuth token is generated in the API, we need to encrypt the OAuth token in the response, then salt it with a timestamp and hash it.

Using client credentials, the client is hitting Apigee. But in the response, how do we encrypt the OAuth token, then salt it with a timestamp and hash it?

    curl https://{org}-test.apigee.net/oauth/client_credential/accesstoken?grant_type=client_credentials \
      -X POST \
      -d 'client_id={consumer_key}&client_secret={consumer_secret}'

The response is as follows:

    {
      "issued_at" : "1382703699776",
      "application_name" : "8586c7b7-2936-4779-b7a6-97014e436d7d",
      "scope" : "READ",
      "status" : "approved",
      "api_product_list" : "[PremiumWeatherAPI]",
      "expires_in" : "3599",
      "developer.email" : "tesla@weathersample.com",
      "organization_id" : "0",
      "client_id" : "SJOaCEGohSu3vpNswMs5YdBlc2GOAh1J",
      "access_token" : "UAj2yiGAcMZGxfN2DhcUbl9v8WsR",
      "organization_name" : "myorg",
      "refresh_token_expires_in" : "0",
      "refresh_count" : "0"
    }

In the response I need to encrypt the OAuth access token, salt it with a timestamp and then hash it. How do I do that?


Solution

Here is an approach that you can use:

  • Right after the Generate Access Token policy you will be able to access the oauthv2accesstoken.{policy_name}.access_token variable. Use an Assign Message policy to assign this value to a variable.
  • Next, to calculate the hash you need to use a Java, Python or JavaScript policy in the response part of the flow. This link has a sample JavaScript for SHA-256.