apigee / devrel

Common solutions and tools developed for Apigee
Apache License 2.0
179 stars 157 forks

Unable to extract and read the scope values from OA2-GetOriginalStateAttributes.xml on the identity-facade reference #729

Closed PratMoha closed 3 months ago

PratMoha commented 3 months ago

Hi Team,

During testing of the identity facade, our team encountered an issue where we're unable to extract the scope and a few other attributes set in OA2-StoreExternalAuthorizationCode-PKCE (during the callback endpoint) and retrieved in OA2-GetOriginalStateAttributes (in the token endpoint). Due to this we're unable to pass the scope to the IdP during the service callout SC-IdpTokenIssuance (in the token endpoint).

We're currently extracting the other attribute values from VJ-VerifyJwtFromIdp (in the token endpoint), but we're also storing a nonce, which sometimes contains the special character +, and that is getting replaced by a space.

For example: fhsjdhcowk+1edfdgsg gets replaced as fhsjdhcowk 1edfdgsg.

Is there any solution to extract the scope before calling the service callout?

Regards,

JoelGauci commented 3 months ago

Hello PratMoha:

I did a test and I can see the initial scope extracted from the oauthv2authcode.OA2-GetOriginalStateAttributes.scope variable, as you can see in the following screenshot. Can you check on your side that the IdP request contains this value (cf. policy AM-BuildIdpRequest)?

--

[screenshot: Screenshot 2024-03-14 at 09 30 18]

PratMoha commented 3 months ago

Thank you for your swift response @JoelGauci,

I'm running this on Apigee X and below is the response on my end. The Token call succeeds but it is missing the scope variable extracted from OA2-GetOriginalStateAttributes.

[image attached]

In Apigee X, runtime variables don't show up in most cases. I'm also adding the request body for the service callout.

grant_type=authorization_code&code=XXXXXXX&redirect_uri=https%3A%2F%2Foauth.xxxx.io%2Fv1%2Fcallback&code_verifier=xxxxxxxxxx

Maybe I'm missing some additional configuration.
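As an added example (not part of this issue thread and not code from the apigee/devrel identity facade), the snippet below reproduces the mechanism behind the nonce problem described in the first post and the form-encoded token request shown in the last one: in an application/x-www-form-urlencoded body a raw "+" is the legacy encoding for a space, so a value containing "+" that is concatenated into the body without percent-encoding is decoded as a space on the receiving side, while a value that is properly encoded ("%2B") survives the round trip. The field values (redirect URI, code, verifier, scope) are constructed placeholders, and the build/parse helpers stand in for whatever policy or client assembles the body.

```javascript
// Added example: form-encoding round trip for values containing "+".
// Not code from the apigee/devrel identity facade; helper names and
// sample values are constructed for illustration.

// Constructed nonce, modelled on the shape reported in the thread.
const NONCE_WITH_PLUS = "fhsjdhcowk+1edfdgsg";

// Serialize fields the way a correct client (or a JavaScript/AssignMessage
// policy that builds the callout body) should: every value is
// percent-encoded, so "+" becomes "%2B" and a space becomes "+".
function buildFormBody(fields) {
  return new URLSearchParams(fields).toString();
}

// Serialize by naive string concatenation with no encoding at all.
// This is the failure mode: a literal "+" in a value reaches the wire as-is.
function buildFormBodyUnencoded(fields) {
  return Object.entries(fields)
    .map(([k, v]) => `${k}=${v}`)
    .join("&");
}

// Decode a body the way an HTTP server or OAuth2 token endpoint does:
// split on "&", turn "+" into a space, then percent-decode.
function parseFormBody(body) {
  const out = {};
  for (const [k, v] of new URLSearchParams(body)) out[k] = v;
  return out;
}

// Run both encodings through the same decoder and return what the
// receiving side actually sees for each field.
function demonstrate() {
  const fields = {
    grant_type: "authorization_code",
    code: "constructed-code",                              // placeholder
    redirect_uri: "https://oauth.example.test/v1/callback", // placeholder
    code_verifier: "constructed-verifier",                  // placeholder
    nonce: NONCE_WITH_PLUS,
    scope: "openid profile",                                // placeholder
  };
  return {
    naive: parseFormBody(buildFormBodyUnencoded(fields)),
    encoded: parseFormBody(buildFormBody(fields)),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  const r = demonstrate();
  console.log("naive   nonce:", JSON.stringify(r.naive.nonce));   // "+" lost
  console.log("encoded nonce:", JSON.stringify(r.encoded.nonce)); // "+" kept
}
```

The defensive takeaway is on the sending side: any value copied into a form body (nonce, state, scope, code_verifier) must be percent-encoded before concatenation, and the receiving side should treat a space where a "+" was expected as an encoding bug in the caller rather than silently accepting it, since a nonce that no longer matches the stored value will fail replay checks.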