Pass authentication info in the query string parameters


Article ID: 274517


Products

CA API Gateway

Issue/Introduction

Allow users to pass authentication information in the query string parameters in OTK 4.6.1.

Environment

API Gateway Release: 10.1 & 11.0

Cause

As part of OAuth 2.0 compliance, we started restricting the sending of client_id and client_secret in the query string of the message.

Resolution

It is still possible to pass them in the query string with some updates to the services. Try the following option:

  1. This example uses the endpoint /auth/oauth/v2/token.
  2. Update the regex on line 27 to: ([?&]subject_token=)|([?&]actor_token=)|([?&]code=)|([?&]code_verifier=)|([?&]device_code=)
  3. Disable Validate HTML Form Data (line 28).

NOTE: Line numbers mentioned are for reference ONLY.
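
An added example (not Broadcom's policy code) for checking the edited pattern before changing the policy: it runs the regex from step 2 over constructed request URIs, lists the parameters the pattern still matches, and shows which credential parameters now appear in the URL and would need masking wherever the URI is logged. It assumes the pattern is evaluated against the request URI; the function names and sample URIs are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Pattern copied verbatim from step 2 of the article.
UPDATED_REGEX = re.compile(
    r"([?&]subject_token=)|([?&]actor_token=)|([?&]code=)"
    r"|([?&]code_verifier=)|([?&]device_code=)"
)
# Parameters the article says can be sent in the query string after the change.
CREDENTIAL_PARAMS = {"client_id", "client_secret"}


def still_restricted(uri):
    """Names of query parameters that the updated pattern still matches."""
    return [m.group(0).strip("?&=") for m in UPDATED_REGEX.finditer(uri)]


def credentials_in_query(uri):
    """Credential parameters that now travel in the URL."""
    names = [k for k, _ in parse_qsl(urlsplit(uri).query, keep_blank_values=True)]
    return sorted(CREDENTIAL_PARAMS.intersection(names))


def redact_for_log(uri):
    """Mask client_secret before the URI is written to a log (assumed mitigation)."""
    parts = urlsplit(uri)
    pairs = [(k, "REDACTED" if k == "client_secret" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


# Constructed sample requests, not taken from the article.
SAMPLES = [
    "/auth/oauth/v2/token?grant_type=client_credentials&client_id=abc&client_secret=s3cr3t",
    "/auth/oauth/v2/token?grant_type=authorization_code&code=xyz&code_verifier=v1",
    "/auth/oauth/v2/token",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(redact_for_log(uri), still_restricted(uri), credentials_in_query(uri))
```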

Additional Information

We have seen customers generating OAuth tokens in the "old" way, and it would be a big problem for them to handle the new mode of passing parameters in the payload.