API Connect

  • 1.  Unable to log claims from the verified access token

    Posted 4 days ago

    Hello all, first post here. 

    The API is configured with a 3rd party OAuth provider. I am trying to log a few claims from the access token using <Set-variable> policy but it doesn't seem to work as expected. I followed the documentation mentioned here to set the variables. 

    assembly:
        execute:
          - log:
              version: 2.1.0
              title: log
              log-level: default
              mode: gather-only
          - set-variable:
              version: 2.0.0
              title: set-custom-log
              actions:
                - set: log.custom_data.access_token
                  value: $(oauth.verified_access_token.access_token)
                  type: string
                - set: log.custom_data.scope
                  value: $(oauth.verified_access_token.scope)
                  type: string
                - set: log.custom_data.misc_info
                  value: $(oauth.verified_access_token.misc_info)
                  type: string
                - set: log.custom_data.client_id
                  value: $(oauth.verified_access_token.client_id)
                  type: string
                - set: log.custom_data.result
                  value: $(oauth.result)
                  type: string
                - set: log.custom_data.introspect_scope
                  value: $(oauth.introspect.scope)
                  type: string
                - set: log.custom_data.introspect_client_id
                  value: $(oauth.introspect.client_id)
                  type: string


    Out of all the variables I'm trying to log, only the result and access_token are actually logged. All other fields are empty. 
     "custom_data": {
            "result": "SUCCESS",
            "access_token": "eyJ0eXAiOiJK..........-QRUe50",
            "introspect_scope": "",
            "misc_info": "",
            "scope": "",
            "introspect_client_id": "",
            "client_id": ""
          },
    What am I missing? How do I get the client_id and scope logged? 


    ------------------------------
    Rohith Kodakandla
    ------------------------------


  • 2.  RE: Unable to log claims from the verified access token

    Posted 8 hours ago

    Hi Rohith,

    You're using variables that are specific to the Native OAuth Provider, not the Third Party OAuth Provider; that's why they're empty. The set of information available is more limited there, though.

    Regards

    Szymon



    ------------------------------
    Szymon Stupkiewicz
    ------------------------------



  • 3.  RE: Unable to log claims from the verified access token

    Posted 29 minutes ago
    Edited by Mounika Nayikoti 25 minutes ago

    Hi Rohith Kodakandla

    Extending Szymon Stupkiewicz's explanation: for a 3rd party OAuth provider, refer to the following variables to log the client ID and scope instead:

    • oauth.third_party.response.client_id

    • oauth.third_party.response.scope

    These will correctly retrieve the client ID and scope from the third-party OAuth response.

    Hope this helps!



    ------------------------------
    Mounika Nayikoti
    ------------------------------
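
The assembly from the first post, reworked with the variables named in the last reply. This is an added example, not code from any of the posters or from IBM documentation, and it assumes `oauth.third_party.response.client_id` and `oauth.third_party.response.scope` resolve as that reply describes. It also leaves the raw access token out of `custom_data`, because a bearer token written to a log can be replayed by anyone who can read that log until the token expires.

```yaml
assembly:
  execute:
    - log:
        version: 2.1.0
        title: log
        log-level: default
        mode: gather-only
    - set-variable:
        version: 2.0.0
        title: set-custom-log
        actions:
          # Overall OAuth validation outcome; this one was already
          # populated ("SUCCESS") in the original post's output.
          - set: log.custom_data.result
            value: $(oauth.result)
            type: string
          # Third-party provider variables from the reply above, replacing
          # oauth.verified_access_token.* and oauth.introspect.*, which
          # came back empty for a third-party provider.
          - set: log.custom_data.client_id
            value: $(oauth.third_party.response.client_id)
            type: string
          - set: log.custom_data.scope
            value: $(oauth.third_party.response.scope)
            type: string
          # log.custom_data.access_token is intentionally not set:
          # client_id and scope identify the caller for troubleshooting
          # without storing a usable credential in the log record.
```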