Layer7 API Management

  • 1.  OTK with portal doesn't work

    Posted Jan 27, 2017 04:37 AM

    Hi Community,

     

    I installed OTK on the API gateway and also exchanged the "OTK Client DB Get" fragment, but when I generate a key from the Developer Portal I cannot retrieve a token through the endpoint "https://apihom.amil.com.br/Auth/oauth/v2/token".

    I have done some analysis, first in the OTK tables, mainly in the oauth_client_key and portal_apikey tables: no key or secret is added in these tables.

     

    Another check that I performed is that when I generate the key through the portal, the Gateway is triggered through two requests:

     

       - https://apihom.amil.com.br:443/api/keys/generate
       - https://apihom.amil.com.br:443/api/keys/update

     

     

    Regards

     

    Matheus Isquierdo



  • 2.  Re: OTK with portal doesn't work

    Broadcom Employee
    Posted Jan 27, 2017 08:45 AM

    Hi matmoreno,

     

    Can you share the error you are receiving? Did you install and verify the OAuth test client works correctly?

    Once you integrate with portal the oauth client is managed in the SSG generic_entity table. You should be able to find the client ID and secret here.

     

    Regards,

    Joe



  • 3.  Re: OTK with portal doesn't work

    Posted Jan 27, 2017 08:52 AM

    Oh nice, I found the key and secret in this table "generic_entity":

     

    <L7j:col name="name" type="java.lang.String">l7xx1cc0658743c741cf8dc05cf8c5ada531</L7j:col>
    <L7j:col name="value_xml" type="java.lang.String">
    <![CDATA[
    <?xml version="1.0" encoding="UTF-8"?>
    <java version="1.8.0_73" class="java.beans.XMLDecoder">
      <object class="com.l7tech.external.assertions.apiportalintegration.server.apikey.manager.ApiKey" id="ApiKey0">
        <void property="accountPlanMappingId"> <string>78</string> </void>
        <void property="customMetaData"> <string></string> </void>
        <void property="id"> <string>28551c02625bbd64c6b4f169750f8702</string> </void>
        <void property="label"> <string>TesteMatheus</string> </void>
        <void property="lastUpdate"> <object class="java.util.Date"> <long>1484935034070</long> </object> </void>
        <void property="name"> <string>l7xx1cc0658743c741cf8dc05cf8c5ada531</string> </void>
        <void property="oauthCallbackUrl"> <string></string> </void>
        <void property="oauthScope"> <string>testematheus</string> </void>
        <void property="oauthType"> <string>public</string> </void>
        <void property="platform"> <string>Hybrid</string> </void>
        <void property="secret"> <string>1c58ee521e954de787e0df44c357b590</string> </void>
        <void property="serviceIds">
          <void method="put"> <string>89f6e814-1aad-42cd-bfbb-63b69563679a</string> <string>1db2437af8b34992f57aedbb22fe27838f42d019</string> </void>
        </void>
        <void property="status"> <string>active</string> </void>
        <void property="valueXml"> <string></string> </void>
        <void property="version"> <int>12</int> </void>
      </object>
    </java>
    ]]>
    </L7j:col>
    But when I request the token, nothing happens!


  • 4.  Re: OTK with portal doesn't work

    Posted Jan 27, 2017 08:52 AM

    I will send my post here to request the token soon



  • 5.  Re: OTK with portal doesn't work
    Best Answer

    Broadcom Employee
    Posted Jan 27, 2017 09:24 AM

    Thank you.

     

    How are you submitting the request and which grant type are you using? From the output I see you did not register a callback URL which will cause problems.

     

    <void property="oauthCallbackUrl">
       <string></string>
    </void>

     

    I suggest adding a callback URL in portal and trying to use Postman or SoapUI to do your test. The implicit grant type is a simple flow you can try:

    GET /auth/oauth/v2/authorize?response_type=token&client_id=l7xx1cc0658743c741cf8dc05cf8c5ada531&redirect_uri=a-redirect_uri&scope=testematheus

     

    OAuth Request Scenarios - CA API Management OAuth Toolkit - 3.5 - CA Technologies Documentation 

     

    If this generates any errors please provide them here for review.

     

    Regards,

    Joe
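
The check described in the reply above (an empty `oauthCallbackUrl` in the portal-managed record) can be scripted against an exported `value_xml` column. This is an added example, not code from the thread or from the OAuth Toolkit; the sample record, `gateway.example` and `client.example` are constructed placeholders and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Constructed record in the XMLDecoder shape shown in the thread; the client
# id, secret and scope are placeholders, not values from the post.
SAMPLE_VALUE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<java version="1.8.0_73" class="java.beans.XMLDecoder">
 <object class="com.l7tech.external.assertions.apiportalintegration.server.apikey.manager.ApiKey" id="ApiKey0">
  <void property="name"> <string>l7xx-example-client-id</string> </void>
  <void property="oauthCallbackUrl"> <string></string> </void>
  <void property="oauthScope"> <string>examplescope</string> </void>
  <void property="oauthType"> <string>public</string> </void>
  <void property="secret"> <string>example-secret</string> </void>
  <void property="status"> <string>active</string> </void>
  <void property="version"> <int>12</int> </void>
 </object>
</java>"""


def load_api_key(value_xml):
    """Read the scalar properties of the ApiKey object as plain strings."""
    root = ET.fromstring(value_xml.encode("utf-8"))
    props = {}
    for void in root.findall("./object/void[@property]"):
        # Nested objects (lastUpdate, serviceIds) are skipped on purpose.
        leaf = next((c for c in void if c.tag in ("string", "int", "long")), None)
        if leaf is not None:
            props[void.get("property")] = (leaf.text or "").strip()
    return props


def registration_problems(props):
    """Checks that mirror the diagnosis in the reply above."""
    problems = []
    if props.get("status") != "active":
        problems.append("client is not active")
    if not props.get("oauthCallbackUrl"):
        problems.append("no callback URL registered")
    return problems


def implicit_authorize_url(base, props, state):
    """Build the implicit-grant authorize request for a registered client."""
    problems = registration_problems(props)
    if problems:
        raise ValueError("; ".join(problems))
    query = urlencode({"response_type": "token", "client_id": props["name"],
                       "redirect_uri": props["oauthCallbackUrl"],
                       "scope": props["oauthScope"], "state": state})
    return f"{base}/auth/oauth/v2/authorize?{query}"
```
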



  • 6.  Re: OTK with portal doesn't work

    Posted Jan 27, 2017 11:39 AM

    Hi dasjo02,

     

    Now it worked, but in the page that I am redirected I coded to show the headers and the body of the request, but it does not have what is documented:

     

    Expected (Documentation)

    Response

    Header: status: 200
    Header: content-type: text/html
    Body: The user-agent will receive a login page. This page will request user credentials and the consent of the user. If the user denies the request the client will receive an error. If the user grants the client it will receive the access_token attached to the redirect_uri
    Next: The OAuth server will redirect the user-agent back to the client:
    Header: 302
    Header: Location: the-redirect-uri?state=the-given-state#access_token=an-access_token&expires_in=lifetime-in-seconds&token_type=Bearer&scope=granted-scope&id_token=an-id-token-represented-as-jwt&id_token_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer

     

    My Case:

     

    Connection : keep-alive
    Accept : */*
    Accept-Encoding : gzip, deflate, sdch
    Accept-Language : pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4
    Authorization : Basic bDd4eDExNzA3NDIwZWEwNTQ3NmE5MzJjZDJjZDE1ODhhZjA5OmE5ZThmZWQyYzEyZTRmNDc4ZjUxNTJjMDg1NDVlZWI2
    Host : amldktsp153569
    User-Agent : Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36



  • 7.  Re: OTK with portal doesn't work

    Broadcom Employee
    Posted Jan 27, 2017 12:11 PM

    Unfortunately there is not much to go off of here with just those headers. I will need a bit more detail.

     

    What grant type are you trying to use?

     

    It looks to be something other than implicit as you are base64 encoding the client_id and secret in the auth header (not required for implicit). If you used the implicit grant you should be getting back an access_token in the URL hash fragment of the redirect page after authorizing the request (at /auth/oauth/v2/authorize):

     

     

    If these headers were generated as part of the redirect I would expect to see the HTTP referrer (referer) header. The 302 redirect is expected as the result of the authorization code grant, implicit grant or id token. Others will not return this response. 

     

    I see you opened a support case so it may be best to continue working this through that channel. At the very least I would need to know the grant type you are using along with your request endpoint and parameters specified.

     

    Regards,

    Joe
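
The reply above notes that the implicit grant returns the token in the URL hash fragment of the redirect. A user-agent does not send the fragment to the server, so a callback page that dumps request headers and body will not contain it. The following added example (not code from the thread or the toolkit; the redirect value and function names are constructed for illustration) separates what the callback server receives from what client-side code must parse.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed redirect in the shape quoted from the documentation above;
# host, state and token are placeholders.
SAMPLE_LOCATION = ("https://client.example/cb?state=xyz123"
                   "#access_token=constructed-token&expires_in=3600"
                   "&token_type=Bearer&scope=examplescope")


def server_visible_url(location):
    """The part of the redirect the callback server receives (no fragment)."""
    return urlsplit(location)._replace(fragment="").geturl()


def parse_implicit_response(location, expected_state):
    """Extract the token from the fragment, as client-side code must do."""
    parts = urlsplit(location)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    frag = {k: v[0] for k, v in parse_qs(parts.fragment).items()}
    error = frag.get("error") or query.get("error")
    if error:
        raise ValueError("authorization failed: " + error)
    # The documented redirect carries state in the query; RFC 6749 puts it in
    # the fragment, so accept either location but require a match.
    state = frag.get("state", query.get("state"))
    if state != expected_state:
        raise ValueError("state mismatch")
    if "access_token" not in frag:
        raise ValueError("no access_token in fragment")
    if frag.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    return {"access_token": frag["access_token"],
            "expires_in": int(frag.get("expires_in", 0)),
            "scope": frag.get("scope", "").split()}
```
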



  • 8.  Re: OTK with portal doesn't work

    Posted Jan 27, 2017 12:19 PM

    I found the problem, when I did found:

     

    #access_token=73b72716-8b30-42e6-9afc-8ac9f16cb11b&expires_in=3600&token_type=Bearer&scope=scopoteste

     

    Thank you.



  • 9.  Re: OTK with portal doesn't work

    Broadcom Employee
    Posted Jan 27, 2017 12:29 PM

    Thank you for the feedback, I'm glad to hear it is all working now.

     

    Regards,

    Joe