Layer7 API Management

  • 1.  RetrieveOauthToken Assertion outputs missing parameters

    Posted Nov 07, 2019 08:16 AM
    Hello

    The back end is Oauth protected with grant_type : authorization_code.

    The flow is working fine to get the access token via Postman. When trying to implement it in Layer7/CA Policy Manager, it's giving the below error.

    • mainpart = {String} "{"error_description":"Missing parameters: code redirect_uri","error":"invalid_request"}"

    Here is the assertion
    RetrieveOauthToken-Assertion

    Can anyone please advise on this issue.


    Thanks



  • 2.  RE: RetrieveOauthToken Assertion outputs missing parameters

    Broadcom Employee
    Posted Nov 07, 2019 08:23 AM
    Hi Vamsi,

    Can you confirm the version of OTK you are using?

    A working sample of the 'Retrieve OAuth 2.0 Token' assertion with the auth code flow can be found here. If you have installed the test clients you may want to run through this for comparison.

    https://community.broadcom.com/enterprisesoftware/viewdocument/retrieve-oauth-20-token-assertion?CommunityKey=0f580f5f-30a4-41de-a75c-e5f433325a18&tab=librarydocuments

    Additionally, a list of required parameters can be found here for comparison to your policy.

    https://docops.ca.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-management-oauth-toolkit/4-3/oauth-request-scenarios.html


    Regards,
    Joe


  • 3.  RE: RetrieveOauthToken Assertion outputs missing parameters

    Posted Nov 11, 2019 02:52 AM
    Hello Joe

    Version of OTK is 4.1.

    The working sample for "Retrieve OAuth 2.0 Token" you have shared cannot be recognized in our current environment.


    So do you recommend updating to the latest OTK version to get this sorted?

    If so, what is the latest OTK version and the compatible Policy Manager version?


    Thanks
    Vamsi.


  • 4.  RE: RetrieveOauthToken Assertion outputs missing parameters

    Broadcom Employee
    Posted Nov 11, 2019 08:30 AM
    Hi Vamsi,

    The assertion is actually part of MAG. The screenshot you are showing, however, does not look familiar. Are you using a custom encapsulated assertion to handle this request? The out of box assertion generally looks like the below. If you are using a custom encap we would need to see what the underlying policy looks like to get an idea of where the issue may be.

    RetrieveOauthTOken
    Regards,
    Joe



  • 5.  RE: RetrieveOauthToken Assertion outputs missing parameters

    Posted Nov 07, 2019 09:03 AM
    I do see you are using an https endpoint. Can you verify the authorization server https certificate is imported on the gateway? You can check in the audit log whether you have a problem routing to error, and also if you are using a URL-based HTTP parameter for the POST request. Finally, you can trace the request from the gateway by setting the audit.defaultThreshold to FINEST and see the exact point of failure to help you troubleshoot further.


  • 6.  RE: RetrieveOauthToken Assertion outputs missing parameters

    Posted Nov 07, 2019 09:06 AM
    Also notice the Oauth Toolkit in your screenshot seems to be an older version. The recommendation would be to update that, as it has capabilities for Oauth 1.0 or Oauth 2.0 as separate assertions.


  • 7.  RE: RetrieveOauthToken Assertion outputs missing parameters
    Best Answer

    Broadcom Employee
    Posted Nov 07, 2019 05:29 PM
    Edited by Christopher Hackett Nov 12, 2019 04:54 PM
    Dear Vamsi,
    It is not the token endpoint of OTK; it seems you use the assertion against a 3rd party oauth server. I doubt that it would work, as the parameter name of the generated request could be different from the one required by the 3rd party oauth server.

    I would suggest building the requests to match the 3rd party oauth server specs, and using the Route via HTTP(S) assertion to send the requests as per the authcode flow.

    Regards,
    Mark


  • 8.  RE: RetrieveOauthToken Assertion outputs missing parameters

    Posted Nov 19, 2019 04:19 AM
    Mark,

    When we hit the Auth URL in the browser, it presents us with the login page.


    After you log in, the page redirects to the redirect URI set in the URL and presents us with the auth code, which we need to pass in the next call to the token access URL to get the access token.
    Please advise if this is doable within Policy Manager, and how.


    Thanks
    Vamsi Garimella


  • 9.  RE: RetrieveOauthToken Assertion outputs missing parameters

    Broadcom Employee
    Posted Nov 20, 2019 12:27 AM
    Dear Vamsi,
    OTK is an implementation of an Oauth 2 server; it follows the Oauth standard and uses standard parameters.
    But other Oauth servers could have different implementations.
    As you can see in the sample policy Joe provided, the authorization endpoint of OTK is,
    /auth/oauth/v2/authorize

    The token endpoint of OTK is,
    /auth/oauth/v2/token

    Apparently you're not asking for an access token against OTK (that's fine, it's the choice of backend service), then using the OTK assertion to retrieve the token may not work as expected.

    Secondly, the redirect url should point to somewhere which can handle the granted auth code, and call the token endpoint to retrieve tokens. I don't think google.com can be a valid redirect_uri.

     
    Regards,
    Mark
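
The token request that the thread says must be built by hand for a third-party server, as an added example (not code from any poster, from OTK or from Layer7). It follows RFC 6749 section 4.1.3 and includes a check that reproduces the "Missing parameters: code redirect_uri" condition; the function names, the client.example URLs and the use of HTTP Basic client authentication are assumptions, since the third-party server's requirements are not shown in the thread.

```python
import base64
from urllib.parse import urlencode, urlsplit, parse_qs

# RFC 6749 section 4.1.3: fields of an authorization_code token request.
REQUIRED = ("grant_type", "code", "redirect_uri")

def code_from_callback(callback_url):
    """Pull the authorization code out of the URL the browser was redirected to."""
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    if "code" not in query:
        raise ValueError("no code in callback")
    return query["code"][0]

def build_token_request(code, redirect_uri, client_id, client_secret):
    """Return (headers, body) for the POST to the token endpoint."""
    # Assumption: the server accepts HTTP Basic client authentication;
    # some servers expect client_id/client_secret as form fields instead.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": "Basic " + basic,
    }
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        # Must be identical to the redirect_uri sent to the authorization endpoint.
        "redirect_uri": redirect_uri,
    })
    return headers, body

def missing_params(content_type, body):
    """Required fields a spec-following token endpoint would not find."""
    if not content_type.lower().startswith("application/x-www-form-urlencoded"):
        return list(REQUIRED)  # body is never parsed as form fields
    form = parse_qs(body)  # blank values are dropped, so they count as missing
    return [name for name in REQUIRED if name not in form]

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    redirect = "https://client.example/callback"
    code = code_from_callback(redirect + "?code=SAMPLE_CODE")
    headers, body = build_token_request(code, redirect, "my-client", "my-secret")
    print(body, missing_params(headers["Content-Type"], body))
```

Running `missing_params` over the content type and body that the gateway actually sends (taken from a request trace) shows whether the fields are absent, empty, or sent in a format the token endpoint does not read as form fields.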