Taras Melon Taras Melon -4 years ago 297
JSON Question

WSO2 ESB Mediation Retrieve user attributes (claims) in inSequence

I have published API in API Publisher. That API have POST method

confirm
, which retrieves JSON data with such parameters: userUUID, appName, version. In API Publisher this API takes only two parameters: appName and version.

I don't want to send userUUID from client, but I want to retrieve userUUID from accessToken (it is in user claims) in inSequence and add it to sended JSON as new parameter and then send it all to backend.

Is it possible? Maybe I can retrieve at least user email from accessToken?

Answer Source

I found workaround with getting user info from https://localhost:9443/oauth2/userinfo?schema=openid

First of all, change value RemoveOAuthHeadersFromOutMessage in OAuthConfigurations in file [WSO2_AM]/repository/conf/api-manager.xml

Secondly, user claims, that are getting from https://localhost:9443/oauth2/userinfo?schema=openid should be configured in WSO2 API Manager Carbon Server in Service Providers.

Algorithm:

  1. Copy request body to property body_of_zero_call
  2. Copy request target REST API method to property urlPostfixZero
  3. Set value ?schema=openid as request target REST API method
  4. Call https://localhost:9443/oauth2/userinfo?schema=openid to get user info
  5. Check reponse code: if 200, then going through, else return code 500 with message { "status": "Can't get user info"}
  6. Copy interesting info (in my case user_uuid) from response body to property user_uuid_first_call
  7. Copy source request body from property body_of_zero_call to body
  8. Copy source request target REST API method from property urlPostfixZero to request target REST API method
  9. Add element userUUID to request body
  10. Fill element userUUID in body with value from property user_uuid_first_call
  11. Call target URL with changed body and target REST API method
  12. Respond

Mediator:

<?xml version="1.0" encoding="UTF-8"?>
<sequence xmlns="http://ws.apache.org/ns/synapse" name="token_to_user_uuid" trace="disable">
   <!-- 1 -->
   <enrich>
      <source clone="true" type="body" />
      <target action="child" property="body_of_zero_call" type="property" />
   </enrich>
   <!-- 2 -->
   <property expression="$axis2:REST_URL_POSTFIX" name="urlPostfixZero" scope="default" type="STRING" />
   <!-- 3 -->
   <property name="REST_URL_POSTFIX" scope="axis2" type="STRING" value="?schema=openid" />
   <!-- 4 -->
   <call blocking="true">
      <endpoint>
         <http method="get" trace="disable" uri-template="https://localhost:9443/oauth2/userinfo" />
      </endpoint>
   </call>
   <!-- 5 -->
   <filter regex="200" source="get-property('axis2', 'HTTP_SC')">
      <then>
         <!-- 6 -->
         <property expression="$body//jsonObject//user_uuid" name="user_uuid_first_call" scope="default" type="STRING" />
         <!-- 7 -->
         <enrich>
            <source clone="true" property="body_of_zero_call" type="property" />
            <target type="body" />
         </enrich>
         <!-- 8 -->
         <property expression="get-property('urlPostfixZero')" name="REST_URL_POSTFIX" scope="axis2" type="STRING" />
         <!-- 9 -->
         <enrich>
            <source clone="true" type="inline">
               <userUUID xmlns="" />
            </source>
            <target action="child" xpath="$body//jsonObject" />
         </enrich>
         <!-- 10 -->
         <enrich>
            <source clone="true" property="user_uuid_first_call" type="property" />
            <target xpath="$body//jsonObject//userUUID" />
         </enrich>
         <!-- 11 -->
         <call blocking="true">
            <endpoint>
               <http method="post" trace="disable" uri-template="https://localhost:9444/customAuth/services/regulations" />
            </endpoint>
         </call>
         <!-- 12 -->
         <respond />
      </then>
      <else>
         <property name="HTTP_SC" scope="axis2" type="STRING" value="500" />
         <payloadFactory media-type="json">
            <format>{ "status": "Can't get user info"}</format>
            <args />
         </payloadFactory>
         <respond />
      </else>
   </filter>
</sequence>
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download