Added configs to enable re-try call with new OAuth token when the exi…
…sting token is revoked/invalid (#13539)

* Added configs to enable re-try call with new OAuth token

when the existing token is revoked/invalid
thisaltennakoon authored Oct 2, 2024
1 parent 0629cb5 commit bcb006f
Showing 3 changed files with 50 additions and 4 deletions.
Expand Up @@ -22,4 +22,6 @@
synapse.artifacts.file.storage.enabled=false
{% endif %}
{% endif %}

{% if apim.mediator_config.oauth.enable_retry_call_with_new_token && apim.redis_config is defined %}
token.cache.class=org.wso2.carbon.apimgt.gateway.mediators.oauth.RedisTokenCache
{% endif %}
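Review bot: The new condition reads `apim.mediator_config.oauth.enable_retry_call_with_new_token` with no `is defined` guard, while `apim.redis_config` on the same line has one. No default for the key is visible in this commit, so what happens when it is absent depends on how the template engine treats an undefined value. Guarding it the same way, `apim.mediator_config.oauth.enable_retry_call_with_new_token is defined && apim.mediator_config.oauth.enable_retry_call_with_new_token && apim.redis_config is defined`, would make that explicit. Judging by the class name, this branch presumably moves the cached backend OAuth tokens into Redis. A one-line template comment saying so would tell operators that the Redis instance then holds bearer tokens and needs authentication and transport protection to match.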
44 changes: 44 additions & 0 deletions modules/distribution/resources/api_templates/endpoint_template.xml
Expand Up @@ -90,6 +90,50 @@
<endpoint xmlns="http://ws.apache.org/ns/synapse" name="$name">
<http uri-template="$util.escapeXml($ep.get("url"))">
#timeout( $ep.get('config') )
#if($enableRetryCallWithNewOauthToken)
#set( $endpointSecurity = $endpoint_security.get($type) )
#if($endpointSecurity.type == "oauth" || $endpointSecurity.type == "OAUTH")
<authentication>
<oauth>
#if($endpointSecurity.grantType == "client_credentials" || $endpointSecurity.grantType == "CLIENT_CREDENTIALS")
#set($grantType = "clientCredentials")
#elseif($endpointSecurity.grantType == "password" || $endpointSecurity.grantType == "PASSWORD")
#set($grantType = "passwordCredentials")
#end

<$grantType>
#if($grantType == "passwordCredentials")
<username>$util.escapeXml($endpointSecurity.username)</username>
#if($isSecureVaultEnabled)
<password>{wso2:vault-lookup('$endpointSecurity.passwordAlias')}</password>
#else
<password>$util.escapeXml($endpointSecurity.password)</password>
#end
#end
<clientId>$util.escapeXml($endpointSecurity.clientId)</clientId>
#if($isSecureVaultEnabled)
<clientSecret>{wso2:vault-lookup('$endpointSecurity.clientSecretAlias')}</clientSecret>
#else
<clientSecret>$util.escapeXml($endpointSecurity.clientSecret)</clientSecret>
#end
<tokenUrl>$util.escapeXml($endpointSecurity.tokenUrl)</tokenUrl>
<connectionTimeout>$util.escapeXml($endpointSecurity.connectionTimeoutDuration)</connectionTimeout>
<connectionRequestTimeout>$util.escapeXml($endpointSecurity.connectionRequestTimeoutDuration)</connectionRequestTimeout>
<socketTimeout>$util.escapeXml($endpointSecurity.socketTimeoutDuration)</socketTimeout>
#set($requestParametersMap = $util.jsonStringToMap($endpointSecurity.customParameters))
#if($requestParametersMap.size() > 0)
<requestParameters>
#foreach($entry in $requestParametersMap.entrySet())
<parameter name="$util.escapeXml($entry.key)">$util.escapeXml($entry.value)</parameter>
#end
</requestParameters>
#end
<authMode/>
</$grantType>
</oauth>
</authentication>
#end
#end
</http>
<property name="ENDPOINT_ADDRESS" value="$util.escapeXml($ep.get("url"))"/>
</endpoint>
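Review bot: `$grantType` is assigned only in the `client_credentials` and `password` branches, so for any other grant type the `<$grantType>` and `</$grantType>` lines render with whatever the variable held before. If it was never set, Velocity prints the reference text literally and the XML is malformed; because `#set` variables are not block-scoped, it may instead carry the value left by an earlier expansion of this template. Put `#set($grantType = "")` and the grant-type `#if` chain ahead of `<authentication>`, then wrap the whole `<authentication>` element in `#if($grantType != "")` … `#end`, so an unsupported grant type produces no OAuth block rather than a broken or wrong one. When `$isSecureVaultEnabled` is false, the `<password>` and `<clientSecret>` values are written in clear text into the generated endpoint definition, and a `##` comment stating that would help operators. The enclosing template block starts and ends outside the hunk.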
Expand Up @@ -75,7 +75,7 @@
<target type="body"/>
</enrich>
#else
#if($endpointsecurity.type == "oauth" || $endpointsecurity.type == "OAUTH")
#if(!($enableRetryCallWithNewOauthToken && $endpointClass == "http") && ($endpointsecurity.type == "oauth" || $endpointsecurity.type == "OAUTH"))
<class name="org.wso2.carbon.apimgt.gateway.mediators.oauth.OAuthMediator">
<property name="uniqueIdentifier" value="$util.escapeXml($endpointsecurity.uniqueIdentifier)" type="STRING"/>
<property name="tokenEndpointUrl" value="$util.escapeXml($endpointsecurity.tokenUrl)" type="STRING"/>
Expand Down Expand Up @@ -367,12 +367,12 @@ $out_sequences.get("$resource.getUriTemplate()").get($uri)
#if( $endpoint_config.get("endpoint_type") != 'sequence_backend' )
<filter source="$ctx:AM_KEY_TYPE" regex="$filterRegex">
<then>
#if($endpointSecurityProd.clientId && ($endpointSecurityProd.type == "oauth" || $endpointSecurityProd.type == "OAUTH"))
#if(!($enableRetryCallWithNewOauthToken && $endpointClass == "http") && $endpointSecurityProd.clientId && ($endpointSecurityProd.type == "oauth" || $endpointSecurityProd.type == "OAUTH"))
<class name="org.wso2.carbon.apimgt.gateway.mediators.oauth.OAuthResponseMediator"/>
#end
</then>
<else>
#if($endpointSecuritySand.clientId && ($endpointSecuritySand.type == "oauth" || $endpointSecuritySand.type == "OAUTH"))
#if(!($enableRetryCallWithNewOauthToken && $endpointClass == "http") && $endpointSecuritySand.clientId && ($endpointSecuritySand.type == "oauth" || $endpointSecuritySand.type == "OAUTH"))
<class name="org.wso2.carbon.apimgt.gateway.mediators.oauth.OAuthResponseMediator"/>
#end
</else>
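Review bot: The three rewritten conditions skip `OAuthMediator` and `OAuthResponseMediator` purely on `$enableRetryCallWithNewOauthToken && $endpointClass == "http"`, and nothing here ties that to the endpoint template having actually emitted its `<authentication>` block. The endpoint-side condition differs from the ones used here: it checks only the security type, has no `clientId` test, and needs a recognised grant type. If the two ever disagree, the backend call is presumably sent with no token at all, so a `##` comment at the first condition naming the endpoint-template block it depends on is worth adding. The repeated sub-expression could also be computed once, e.g. `#set($oauthHandledByEndpoint = $enableRetryCallWithNewOauthToken && $endpointClass == "http")`, and tested as `!$oauthHandledByEndpoint` in all three places. Both hunks show only part of their enclosing blocks.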
