search

Axway-API-Management-Plus / apim-cli

Axway API-Management CLI - Manage your platform from the command line or with your CI/CD pipeline
Apache License 2.0
45 stars 17 forks source link

APIImportApp ERROR: Invalid Oauth token info policy #477

Closed gfonteneau closed 3 months ago

gfonteneau commented 7 months ago

APIM-CLI version

1.14.4

API-Management version

7.7.0.20240228

Bug description

we try to deploy an api with an "OAuth Token Information Policy". The deploy work fine in apim-cli 1.13.6 to an apim 7.7.0.20240228 but we got an error with apim-cli 1.14.4

Steps to reproduce

in our api json we have a security Profiles : 

 "securityProfiles": [
    {
      "name": "_default",
      "isDefault": true,
      "devices": [
        {
          "type": "oauthExternal",
          "name": "OAuth (External)",
          "order": 1,
          "properties": {
            "tokenStore": "<key type='CircuitContainer'><id field='name' value='XXXXXXX'/><key type='CircuitContainer'><id field='name' value='XXXXXXXXX'/><key type='FilterCircuit'><id field='name' value='Token Validation Policy'/></key></key></key>",
            "accessTokenLocation": "HEADER",
            "authorizationHeaderPrefix": "Bearer",
            "accessTokenLocationQueryString": "",
            "scopesMustMatch": "Any",
            "scopes": "empty-allow",
            "removeCredentialsOnSuccess": true,
            "implicitGrantEnabled": true,
            "useClientRegistry": true,
            "implicitGrantLoginEndpointUrl": "https://localhost:8089/api/oauth/authorize",
            "implicitGrantLoginTokenName": "access_token",
            "authCodeGrantTypeEnabled": true,
            "authCodeGrantTypeRequestEndpointUrl": "https://localhost:8089/api/oauth/authorize",
            "authCodeGrantTypeRequestClientIdName": "client_id",
            "authCodeGrantTypeRequestSecretName": "client_secret",
            "authCodeGrantTypeTokenEndpointUrl": "https://localhost:8089/api/oauth/token",
            "authCodeGrantTypeTokenEndpointTokenName": "access_code",
            "subjectSelector": "${oauth.token.client_id}",
            "oauth.token.client_id": "${oauth.token.client_id}",
            "oauth.token.scopes": "${oauth.token.scopes}",
            "oauth.token.valid": "${oauth.token.valid}",
            "oauth.token.uid": "${oauth.token.uid}"
          }
        }
      ]
    }
  ]

Relevant log output

we got this error :

2024-04-05 12:07:57,638 [RestAPICall] DEBUG: Http verb:GET and URI: https://ourserver:443/api/portal/v1.4/policies?type=oauthtokeninfo
2024-04-05 12:07:57,672 [APIImportApp] ERROR: Invalid Oauth token info policy : <key type='CircuitContainer'><id field='name' value='XXXXXXX'/><key type='CircuitContainer'><id field='name' value='XXXXXXXXX'/><key type='FilterCircuit'><id field='name' value='Token Validation Policy'/></key></key></key>
com.axway.apim.lib.error.AppException: Invalid Oauth token info policy : <key type='CircuitContainer'><id field='name' value='XXXXXXX'/><key type='CircuitContainer'><id field='name' value='XXXXXXXXX'/><key type='FilterCircuit'><id field='name' value='Token Validation Policy'/></key></key></key>
    at com.axway.apim.adapter.apis.APIManagerPoliciesAdapter.handleExternalOauth(APIManagerPoliciesAdapter.java:210)
    at com.axway.apim.adapter.apis.APIManagerPoliciesAdapter.updateSecurityProfiles(APIManagerPoliciesAdapter.java:182)
    at com.axway.apim.apiimport.APIChangeState.getChanges(APIChangeState.java:66)
    at com.axway.apim.apiimport.APIChangeState.<init>(APIChangeState.java:54)
    at com.axway.apim.APIImportApp.importAPI(APIImportApp.java:93)
    at com.axway.apim.APIImportApp.importAPI(APIImportApp.java:52)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:78)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at com.axway.apim.cli.APIManagerCLI.run(APIManagerCLI.java:129)
    at com.axway.apim.cli.APIManagerCLI.main(APIManagerCLI.java:72)
2024-04-05 12:07:57,675 [APIManagerAdapter] DEBUG: Closing cache ...
rathnapandi commented 6 months ago

Hi @gfonteneau,

Can you change the element tokenStore from

           "tokenStore": "<key type='CircuitContainer'><id field='name' value='XXXXXXX'/><key type='CircuitContainer'><id field='name' value='XXXXXXXXX'/><key type='FilterCircuit'><id field='name' value='Token Validation Policy'/></key></key></key>",

to

 "tokenStore": "Token Validation Policy"
rathnapandi commented 3 months ago

@gfonteneau, Please reopen the issue if above suggestion does not work.