Unable to extract and read the scope values from OA2-GetOriginalStateAttributes.xml on the identity-facade reference
PratMoha opened this issue
Hi Team,
During the testing of the identity facade, our team encountered an issue where we're unable to extract the scope and a few other attributes set in OA2-StoreExternalAuthorizationCode-PKCE (during the callback endpoint) and retrieved in OA2-GetOriginalStateAttributes (in the token endpoint).
Due to this we're unable to pass the scope to the IdP during the service callout SC-IdpTokenIssuance (in the token endpoint).
We're currently extracting the other attribute values from VJ-VerifyJwtFromIdp (in the token endpoint), but we're also storing a nonce, which sometimes contains the special character +, and that is getting replaced by a space.
For example: fhsjdhcowk+1edfdgsg gets replaced with fhsjdhcowk 1edfdgsg.
Is there any solution to extract the scope before calling the service callout?
Regards,
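The `+` to space substitution described above is the standard application/x-www-form-urlencoded decoding rule (a `+` in a query string or form body means a space), so a raw `+` in a nonce survives transport only if it is percent-encoded as `%2B` before it is placed there. Added example in Python, not code from the identity-facade reference or from Apigee, showing the lossy and the lossless round trip with constructed sample values modelled on the nonce in the post, plus an exact nonce comparison:

```python
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed sample values (not from the thread's real deployment).
NONCE = "fhsjdhcowk+1edfdgsg"
SCOPE = "openid profile"


def encode_state_attributes(attrs: dict) -> str:
    """Serialise state attributes for a query string or form body.

    urlencode percent-encodes a literal '+' as '%2B' and a space as '+',
    so a form-urlencoded decoder recovers the original values unchanged.
    """
    return urlencode(attrs)


def decode_state_attributes(encoded: str) -> dict:
    """Inverse of encode_state_attributes.

    parse_qs applies the form-urlencoded rules: '+' becomes a space and
    '%2B' becomes a literal '+'.
    """
    parsed = parse_qs(encoded, keep_blank_values=True, strict_parsing=True)
    return {key: values[0] for key, values in parsed.items()}


def lossy_roundtrip(nonce: str) -> str:
    """What happens when a raw nonce is concatenated into a form body
    without percent-encoding: every '+' is read back as a space."""
    return decode_state_attributes(f"nonce={nonce}")["nonce"]


def nonce_matches(stored: str, presented: str) -> bool:
    """Constant-time, exact comparison: a nonce altered in transit must
    fail verification rather than be silently accepted."""
    return hmac.compare_digest(stored.encode(), presented.encode())
```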
Hello PratMoha:
I did a test and I can see the initial scope extracted from the oauthv2authcode.OA2-GetOriginalStateAttributes.scope variable, as you can see on the following screenshot.
Can you check on your side that the IdP request contains this value (cf. policy AM-BuildIdpRequest)?
--
[Screenshot 2024-03-14 at 09 30 18]
Thank you for your swift response @JoelGauci,
I'm running this on Apigee X and below is the response on my end. The token call succeeds but it is missing the scope variable extracted from OA2-GetOriginalStateAttributes.
In Apigee X, runtime variables don't show up in most cases. I'm also adding the request body for the service callout.
grant_type=authorization_code&code=XXXXXXX&redirect_uri=https%3A%2F%2Foauth.xxxx.io%2Fv1%2Fcallback&code_verifier=xxxxxxxxxx
Maybe I'm missing some additional configuration.