Hi 

i am using Custom Oauth Client , i have used below code for generating the access token .

For Issuing the access token
1. Issue-access-token operation
     <xsl:when test="/input/operation = 'issue-access-token'">                       <access_token><xsl:value-of select="dp:generate-uuid()"/></access_token>                        <expires_in type="json:number">3600</expires_in> </xsl:when>

For Verify access token
2. Verify-access-token
     <xsl:when test="/input/operation = 'verify-access-token'">                            <client_id><xsl:value-of select="'POC'"/></client_id>                           <scope><xsl:value-of select="'/accounts'"/></scope>     </xsl:when>


Question:

When i use custom Oauth Client xslt , it is not verifying the access token properly . It just takes whatever provided in Bearer token and allows that transaction

Do we need to add any additional logic in verify-access-token to make sure it validates the access token which was issued by datapower ?.


------------------------------
santhosh
------------------------------

@Hermann Stamm-Wilbrandt
any pointers on this problem statement
​

------------------------------
santhosh
------------------------------

Original Message:
Sent: Tue June 16, 2020 04:25 PM
From: santhosh yelimineti
Subject: Custom Oauth Client

Hi 

i am using Custom Oauth Client , i have used below code for generating the access token .

For Issuing the access token
1. Issue-access-token operation
     <xsl:when test="/input/operation = 'issue-access-token'">     <xsl:when test="/input/operation = 'issue-access-token'">                       <access_token><xsl:value-of select="dp:generate-uuid()"/></access_token>                        <expires_in type="json:number">3600</expires_in> </xsl:when>

For Verify access token
2. Verify-access-token
                   <xsl:when test="/input/operation = 'verify-access-token'">                   <xsl:when test="/input/operation = 'verify-access-token'">                            <client_id><xsl:value-of select="'POC'"/></client_id>                           <scope><xsl:value-of select="'/accounts'"/></scope>     </xsl:when>


Question:

When i use custom Oauth Client xslt , it is not verifying the access token properly . It just takes whatever provided in Bearer token and allows that transaction

Do we need to add any additional logic in verify-access-token to make sure it validates the access token which was issued by datapower ?.


------------------------------
santhosh
------------------------------

please raise support ticket and probvide config export to answer that

------------------------------
Hermann Stamm-Wilbrandt
Compiler Level 3 support & Fixpack team lead
IBM DataPower Gateways (⬚ᵈᵃᵗᵃ / ⣏⠆⡮⡆⢹⠁⡮⡆⡯⠂⢎⠆⡧⡇⣟⡃⡿⡃)
https://stamm-wilbrandt.de/en/blog/
------------------------------

Original Message:
Sent: Wed June 17, 2020 03:50 AM
From: santhosh yelimineti
Subject: Custom Oauth Client


@Hermann Stamm-Wilbrandt
any pointers on this problem statement
​

------------------------------
santhosh

Original Message:
Sent: Tue June 16, 2020 04:25 PM
From: santhosh yelimineti
Subject: Custom Oauth Client

Hi 

i am using Custom Oauth Client , i have used below code for generating the access token .

For Issuing the access token
1. Issue-access-token operation
     <xsl:when test="/input/operation = 'issue-access-token'">     <xsl:when test="/input/operation = 'issue-access-token'">                       <access_token><xsl:value-of select="dp:generate-uuid()"/></access_token>                        <expires_in type="json:number">3600</expires_in> </xsl:when>

For Verify access token
2. Verify-access-token
                   <xsl:when test="/input/operation = 'verify-access-token'">                   <xsl:when test="/input/operation = 'verify-access-token'">                            <client_id><xsl:value-of select="'POC'"/></client_id>                           <scope><xsl:value-of select="'/accounts'"/></scope>     </xsl:when>


Question:

When i use custom Oauth Client xslt , it is not verifying the access token properly . It just takes whatever provided in Bearer token and allows that transaction

Do we need to add any additional logic in verify-access-token to make sure it validates the access token which was issued by datapower ?.


------------------------------
santhosh
------------------------------