Layer7 API Management

The custom field contents are stored in the ${custom} variable that has the following structure:  {"client_custom": ${client_custom}, "client_key_custom": ${client_key_custom}}

Where can we retrieve these values  {"client_custom": ${client_custom}, "client_key_custom": ${client_key_custom}} in /token end point.

Hi,

I usually find these values as output variables of 'OTK Client Authentication' Assertion in the /token endpoint

I could find the ${client_key_custom} from session tracking ,but unable to find the ${session_custom} in the token end point.

The 'OTK Session Tracking' Assertion sets the ${session_output} variable which includes ${client_custom} and ${client_key_custom} obtained from the previous 'OTK Client Authentication' Assertion.

These values then can be retrieved using the 'OTK Require Oauth 2.0 Token' Assertion in your protected APIs

${session.custom} looks something like this.

You can then use 'Evaluate JSON Path Expression' Assertion to get client custom field to perform additional tasks. (for example, in my case I save the client's certificate thumbprint when the client is registered. I then make sure the same client is calling the protected APIs by mandating client certificate in request and checking its thumbprint against that is saved in the token DB. I also use custom_lifetime for client specific token lifetimes)

Thanks

You're welcome. Please mark my reply as answer if you're satisfied so others may be able to get help too