Layer 7 API Management

Expand all | Collapse all

OAUTH token (grant_type=password)

Jump to Best Answer
  • 1.  OAUTH token (grant_type=password)

    Posted 17 days ago
    Is it possible to override OOTB(Out of the box) /v2/token policy to all empty "password", "username"?

    My requirement: Allow empty password, username parameters into downstream for the appropriate error message.

    So, unable to override below "Validate HTML form data". Anyone can help/suggest to achieve it.

    /auth/oauth/v2/token --> Validate HTML Form Data --> choose Allow Empty option.


  • 2.  RE: OAUTH token (grant_type=password)
    Best Answer

    Posted 15 days ago
    Hi Tattwadarsi,

    May I ask why the need to remove this? The password grant is specifically designed for this purpose to exchange the id/pw for an access token. The vague messages you sometimes encounter are intentional as to not give away too much detail about the request. Ie: invalid resource owner vs bad password.

    With that being said, this assertion in the v2/token endpoint is not yet looking to validate the presence of the uid/pw. OOTB the only requirement at that point in the policy should be the grant type. If you are seeing something different please let me know the version so I can review further.

    You can confirm the same by sending this request to your Gateway (replacing gwHost with your Gateway name)

    Request (notice we are using a bad grant type just to prove the response)

    POST https://gwHost:8443/auth/oauth/v2/token HTTP/1.1
    Accept-Encoding: gzip,deflate
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 15
    Host: gwHost:8443
    Connection: Keep-Alive
    User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

    grant_type=noGrant

    Expected Response

    HTTP/1.1 400 Bad Request
    Server: Apache-Coyote/1.1
    x-ca-err: 3003119
    Cache-Control: no-store
    Pragma: no-cache
    Content-Type: application/json;charset=UTF-8
    Content-Length: 104
    Date: Wed, 07 Aug 2019 13:20:34 GMT
    Connection: close

    {
    "error":"unsupported_grant_type",
    "error_description":"The given grant_type is not supported"
    }


    Regards,
    Joe