Send Docs Feedback

Set OAuth V2 Info policy

  About | Samples | Element reference | Flow variables | Schema  | Related topics

What

Lets you add or update custom attributes associated with an access token, refresh token, or authorization code. Custom attributes might include things like department name, a customer ID, or a session identifier. See also Customizing tokens and auth codes.

You can only add or modify custom attributes. You cannot use this policy to change fields like scope, status, expires_in, developer_email, client_id, org_name, or refresh_count. If an attribute already exists, this policy updates it. If it does not exist, the policy adds it. The access token referenced must be valid and in an approved state.

 

Where

This policy can be attached in the following locations. See the Samples for specific attachment guidance in different situations.

ProxyEndpoint TargetEndpoint
    PreFlow Flow PostFlow PreFlow Flow PostFlow    
Request    
    Response
    PostFlow Flow PreFlow PostFlow Flow PreFlow    

Samples

Below is an example policy used to update an OAuth 2.0 access token. The example below locates the access token on the request message by looking for a query parameter called access_token. When an access token is presented by a client app, the policy below will locate the access token in the query parameter. It will then update the access token's profile in two ways: it will added a custom property called department.id to the profile. It will also modify the access token's scope property to the value READ, WRITE.

<SetOAuthV2Info name="SetOAuthV2Info"> 
  <AccessToken ref="request.queryparam.access_token"></AccessToken>
  <Attributes>
    <Attribute name="department.id" ref="request.queryparam.department_id"></Attribute>
    <Attribute name="scope" ref="">READ, WRITE</Attribute>
  </Attributes>
</SetOAuthV2Info>

If an attribute already exists in the access token profile, then it will be updated with the new value in the policy. If an attribute does not exist, then the attribute will be added to the access token's profile.


Element Reference

The element reference describes the elements and attributes of the SetOAuthV2 policy.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<SetOAuthV2Info async="false" continueOnError="false" enabled="true" name="SetOAuthV2Info-1">    
    <DisplayName>Set OAuth v2.0 Info 1</DisplayName>
    <AccessToken ref={some-variable}></AccessToken>
    <Attributes/>
</SetOAuthV2Info

<SetOAuthV2Info> attributes

<SetOAuthV2Info async="false" continueOnError="false" enabled="true" name="Set-OAuth-v20-Info-1">
Attribute Description Default Presence
async

Set to true to specify that the policy should be run in a thread pool different than the pool servicing the request/response flow. Default is false.

This setting is only used for for internal optimization.

false Optional
continueOnError

Most policies are expected to return an error when a failure occurs. By setting this attribute to true, Flow execution continues on failure.

false Optional
enabled Determines whether a policy is enforced or not. If set to false, a policy is 'turned off', and not enforced (even though the policy remains attached to a Flow). true Optional
name

The internal name of the policy. This name is referenced in Step elements to attach the policy to a Flow.

Note: Characters you can use in the name are restricted to: A-Z0-9._\-$ %. The Management UI enforces additional restrictions, such as automatically removing characters that are not alphanumeric.

N/A Required

<AccessToken> element

Identifies the variable where the access token is located. For example, if the access token is attached to request message as a query parameter, specify request.queryparam.access_token. You can use any valid variable that references the token. Or, could pass in the literal token string (rare case).

 <AccessToken ref="request.queryparam.access_token"></AccessToken>
Default: N/A
Presence: Required
Type: String

Attributes

Attribute Description Default Presence
ref

An access token variable. Typically, retrieved from a flow variable.

N/A Optional

<Attributes> element

A set of attributes in the access token profile that will be modified or augmented.

Default: N/A
Presence: Required
Type: N/A

<Attributes>/<Attribute> element

An individual attribute to update.

The name attribute identifies the property of the access token profile to be updated. For example, to modify the access token's scope property, specify scope as the value of the name attribute.

The ref attribute specifies either variable or a static whose value will be used as the value of the access token profile property that will be updated. For example to update the attribute scope with the value READ, WRITE:

  <Attributes>
    <Attribute name="department.id" ref="request.queryparam.department_id"></Attribute>
    <Attribute name="scope" ref="">READ, WRITE</Attribute>
  </Attributes>
Default: N/A
Presence: Optional
Type: N/A

Attributes

Attribute Description Default Presence
name The name of the profile attribute to add or change. N/A  
ref

The value to assign to the profile attribute.

N/A Optional

 

<DisplayName> element

A natural-language name that labels the policy in the management UI proxy editor. If omitted, the policy name attribute is used.

<DisplayName>SetOAuthV2Info 1</DisplayName>
Default: The value of the policy's name attribute.
Presence: Optional
Type: String

Flow variables

On success, the following flow variables will be set:

  • oauthv2accesstoken.{policyName}.access_token
  • oauthv2accesstoken.{policyName}.client_id
  • oauthv2accesstoken.{policyName}.refresh_count
  • oauthv2accesstoken.{policyName}.organization_name
  • oauthv2accesstoken.{policyName}.expires_in
  • oauthv2accesstoken.{policyName}.refresh_token_expires_in
  • oauthv2accesstoken.{policyName}.issued_at
  • oauthv2accesstoken.{policyName}.status
  • oauthv2accesstoken.{policyName}.api_product_list
  • oauthv2accesstoken.{policyName}.token_type
  • oauthv2accesstoken.{policyName}.{custom_attribute_name}

On failure, following variable will be set:

  • oauthv2accesstoken.{policyName}.failed: true

Schema

Each policy type is defined by an XML schema (.xsd). For reference, policy schemas are available on GitHub.

Related topics

Help or comments?

  • If something's not working: Ask the Apigee Community or see Apigee Support.
  • If something's wrong with the docs: Click Send Docs Feedback on this page.
    (Incorrect? Unclear? Broken link? Typo?)