The OAuth 2.0 client policy filters in API Gateway generate message attributes that can be queried further using the API Gateway selector syntax. The message attributes generated by the OAuth 2.0 client filters include the following:
-
oauth.client.accesstoken
-
oauth.client.application
For more details on selectors, see the API Gateway User Guide.
The following methods are available to call on the oauth.client.accesstoken
message attribute:
${oauth.client.accesstoken.getAuthentication()} ${oauth.client.accesstoken.getClientId()} ${oauth.client.accesstoken.getAccessToken()} ${oauth.client.accesstoken.getCreated()} ${oauth.client.accesstoken.isExpired()} ${oauth.client.accesstoken.hasRefresh()} ${oauth.client.accesstoken.getRefreshToken()} ${oauth.client.accesstoken.getExpiresIn()} ${oauth.client.accesstoken.getExpiryDate()} ${oauth.client.accesstoken.getParams()} ${oauth.client.accesstoken.getTokenType()}
The following example shows output from querying each of the oauth.client.accesstoken
methods:
regadmin ClientConfidentialApp SIDnxbYabJwRZpKexUx6R3dTEwKOj0afQo7sr2DrDYuJaVCAb9xvPBk Thu Mar 06 12:34:44 GMT 2014 false true GokdAuu706ydZtNkl92UEPmnJRNmVBJPiPVGGrEwXKz5Uh 3599 Thu Mar 06 13:34:43 GMT 2014 {state=9a388d14-a0e9-4b32-9003-e322c93279dd, scope=resource.WRITE}
This attribute represents the provider profile selected in the filter. It contains the provider details,
such as token and authorization endpoints, and the token store, as well as the specifics of the client
application including the client ID and secret. The following methods are available to call on the
oauth.client.application
message attribute:
${oauth.client.application.getTokenURL()} ${oauth.client.application.getAuthentication()} ${oauth.client.application.getProviderName()} ${oauth.client.application.getAppName()} ${oauth.client.application.getClientID()} ${oauth.client.application.getFlow()} ${oauth.client.application.getClientSecret()} ${oauth.client.application.getExtraTokenRequestProps()} ${oauth.client.application.getScopes()} ${oauth.client.application.getLocationOfClientDetails()} ${oauth.client.application.getClientIdHeaderName()} ${oauth.client.application.getClientSecretHeaderName()} ${oauth.client.application.getTokenStore()} ${oauth.client.application.getToken()} ${oauth.client.application.getTokenFromStore()} ${oauth.client.application.getProvider()}
The following example shows output from querying each of the oauth.client.application
methods:
https://127.0.0.1:8089/api/oauth/token regadmin API Gateway Sample Client Authzcode App ClientConfidentialApp authorization_code 9cb76d80-1bc2-48d3-8d31-edeec0fddf6c {} [resource.WRITE] QueryString client_id client_secret an object of type com.vordel.circuit.oauth.persistence.SynchronizedClientTokenStore an object of type com.vordel.oauth.client.store.OAuth2ClientAccessToken an object of type com.vordel.oauth.client.store.OAuth2ClientAccessToken an object of type com.vordel.oauth.client.providers.BaseOAuth2Provider