Client-Specific Customization

In OAuth Manager, you can configure settings for OAuth Clients and Client Keys through the Custom Field.  Expressed as a JSON message, this configuration is stored in the ${custom} variable. You can then use this variable for client specific configuration within policy.
Set Parameter Values in the Custom Field for a Client (or Client Key)  
To set parameter values in the Custom JSON Field for a client or client key: 
  1. Open a browser and go to: https://<yourgatewayURL>:8443/
  2. Provide a username and password. The type of access you are granted depends on your user role.
  3. Click 
  4. Select a client and click 
    The Edit page appears with a Custom Field that accepts JSON content.
  5. Provide JSON content that configures parameters for this client.
  6. Click Update Client.
Similarly, you can click List Keys for a client, then 
 Provide custom JSON values for the client key and click 
How the Custom Field Content is Stored
The custom field contents are stored in the ${custom} variable, which has the following structure (the Client Custom field populates client_custom and the Client Key Custom field populates client_key_custom):
{"client_custom": ${client_custom}, "client_key_custom": ${client_key_custom}}
Add Custom Logic to Extend the #Policy
Refer to the examples for the nesting logic.
Tasks include:
  • Creating a custom_json Context variable to hold the JSON message content provided by the ${custom} variable.
  • Using an Evaluate JSON Path Expression assertion to extract the key/value pairs.
  • Adding a Compare Expression assertion to check if any custom values were set.
  • Overwriting the default setting for the client with the custom values.  
Set Context Variable: custom_json 
Add a Set Context Variable assertion called custom_json to hold the content of ${custom}. The ${custom} variable contains the JSON message parameter settings for the client and client key. 
Use the following settings for the Set Context Variable assertion:
Variable Name – custom_json
Data Type – Message (the Evaluate JSON Path Expression assertion that follows reads it as a message variable)
Content-Type – application/json; charset=UTF-8
Expression – ${custom}
Evaluate JSON Path Expression
Set up the Evaluate JSON Path Expression to capture the parameters.
Use the following settings for the Evaluate JSON Path Expression assertion:
 – Identify the parameters you want to extract. For example: $..lifetimes.oauth2_access_token_lifetime_sec. Note that $.. scans the whole message, so if both the Client Custom and the Client Key Custom fields contain a lifetimes element the expression returns more than one match, and .result holds only the first one in document order; use a scoped path such as $.client_key_custom.lifetimes.oauth2_access_token_lifetime_sec when you need the value from one specific field.
 – Click Other Message Variable and type custom_json. This identifies where to find the custom content.
 – Create a new variable prefix to identify the result of the extraction. For example, the prefix at_lifetime produces at_lifetime.result, which holds the custom access token lifetime value.
Add a Compare Expression Assertion
Add a Compare Expression assertion to check if any custom values are set. The expression is specific to the parameters you are checking. For example, use the following settings to check whether the "lifetimes" element exists in the JSON message:
Data Type
If Multivalued – All values must pass
Simple Comparison
Set up the Simple Comparison rule as:
Right Expression – lifetimes (or whatever element you are checking for)
Case Sensitive – unclick
Overwrite the Default Setting of the Context Variable 
Add a Set Context Variable assertion to overwrite the parameter with the result of the JSON extraction. The result of the JSON extraction is stored in a variable created with the assigned Variable Prefix in the following format: <Variable Prefix>.result (for example, at_lifetime.result).
Hover your mouse over the Evaluate JSON Path Expression assertion to see what variables are automatically created. The Variable Prefix is prepended to .found, .count, .result and .results.
The Set Context Variable has the following properties:
Variable Name – The Context Variable you are customizing for this client. For example: oauth2_access_token_lifetime_sec
Expression – The variable where the extracted value from the JSON message is stored. For example: ${at_lifetime.result}
Client-Specific Customization Examples
The following examples show how client-specific customization can be implemented:
Customizing Token Lifetime for a Specific Client
The following policy example shows how custom settings for the access token lifetime and refresh token lifetime are set for a specific client. The configuration is performed in the #OTK Token Lifetime Configuration policy.
Customizing Token Behavior for a Specific Client Identified by Client Key
The following example shows how the #OTK Storage Configuration policy was extended to provide global defaults and custom token behavior for a specific client key.
The logic includes:
  • Global configuration by setting default values for the following Context Variables:
    max_oauth_token_count = 5
    the token behaviour variable = error
  • Specific configuration for clients/client keys that overrides the global configuration:
    For the Client Key, the following custom values are set:
  • Similarly, the following custom values are set for the client:
    {"max_token_count": 7, "max_token_behaviour": "cycle"}
The policy can be coded as follows:
Global Token Count 
The global section sets the rule. It contains Context Variables that establish default values for all clients. There is no check required for the ${custom} variable.
The code determines the following global behavior:
  • With max_oauth_token_count set to 5, all clients can access four additional instances of the same app without logging out of the first instance.
  • When a client attempts to log into more than five instances, the token behaviour setting of error indicates that an error is returned.
Per-Client Token Count
The per-client section sets the exception to the rule. It contains logic that checks for any content within the ${custom} variable, extracts the values of parameters associated with the client and client key, then overrides the default global setting of these parameters for the specific client.
The code to set per-client behavior is as follows:
  • The custom_json Context Variable holds the ${custom} variable contents.
  • The JSON contents are extracted.
  • If the max_oauth_token_count is found in the JSON object, the Context Variable max_oauth_token_count is set to its associated value.
In this example, because the Client Custom and Client Key Custom fields are both set, the Client Key Custom takes precedence as it is the first assertion code block found to be true.
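The extraction-and-override procedure described under "Add Custom Logic" and the precedence rule in this example, as an added worked example that is not part of this page or of the OTK policies themselves. It is written in Python rather than gateway policy and models the assertions: evaluate_json_path stands in for the Evaluate JSON Path Expression assertion (exposing the same found/count/result/results information), and resolve_settings applies the global defaults and then the client-key-first override, so the Client Key Custom value wins wherever both fields set the same key. The sample custom JSON, the default values, the variable name max_oauth_token_behaviour, the MAX_ALLOWED ceilings and the set of allowed behaviour values are assumptions made for the example.

```python
import json

# Constructed sample of the ${custom} variable, not taken from the page: both the
# Client Custom and the Client Key Custom fields are populated, with overlapping keys.
CUSTOM_JSON = json.dumps({
    "client_custom": {
        "lifetimes": {"oauth2_access_token_lifetime_sec": 7200},
        "max_token_count": 7,
        "max_token_behaviour": "cycle",
    },
    "client_key_custom": {
        "lifetimes": {"oauth2_access_token_lifetime_sec": 600},
        "max_token_count": 3,
    },
})

# Global defaults, standing in for the Set Context Variable assertions of the
# global policy section. The values and the behaviour variable name are assumed.
GLOBAL_DEFAULTS = {
    "oauth2_access_token_lifetime_sec": 3600,
    "oauth2_refresh_token_lifetime_sec": 86400,
    "max_oauth_token_count": 5,
    "max_oauth_token_behaviour": "error",
}

# Context variable -> path of its value inside one scope of the custom JSON
# (assumed layout, modelled on the page's examples).
SETTING_PATHS = {
    "oauth2_access_token_lifetime_sec": "lifetimes.oauth2_access_token_lifetime_sec",
    "oauth2_refresh_token_lifetime_sec": "lifetimes.oauth2_refresh_token_lifetime_sec",
    "max_oauth_token_count": "max_token_count",
    "max_oauth_token_behaviour": "max_token_behaviour",
}

# Hypothetical ceilings: a per-client value entered in the Custom Field should
# not be able to exceed what the deployment as a whole allows.
MAX_ALLOWED = {
    "oauth2_access_token_lifetime_sec": 86400,
    "oauth2_refresh_token_lifetime_sec": 30 * 86400,
    "max_oauth_token_count": 50,
}
ALLOWED_BEHAVIOURS = {"error", "cycle"}  # assumed set of valid behaviour values


def evaluate_json_path(document, path):
    """Minimal stand-in for the Evaluate JSON Path Expression assertion.

    Supports '$.a.b' (exact path from the root) and '$..a.b' (deep scan: the
    sub-path 'a.b' anywhere in the document). Returns the information the
    assertion exposes as <prefix>.found, .count, .result and .results.
    """
    if path.startswith("$.."):
        keys, deep = path[3:].split("."), True
    elif path.startswith("$."):
        keys, deep = path[2:].split("."), False
    else:
        raise ValueError("unsupported path: %s" % path)

    def descend(node):
        for key in keys:
            if not isinstance(node, dict) or key not in node:
                return []
            node = node[key]
        return [node]

    def scan(node):
        matches = descend(node)
        children = node.values() if isinstance(node, dict) else node if isinstance(node, list) else []
        for child in children:
            matches += scan(child)
        return matches

    results = scan(document) if deep else descend(document)
    return {"found": bool(results), "count": len(results),
            "result": results[0] if results else None, "results": results}


def sanitise(variable, value):
    """Keep a client-supplied value only if it has the default's type and lies
    within the assumed bounds; otherwise fall back to the global default."""
    default = GLOBAL_DEFAULTS[variable]
    if isinstance(default, int):
        if isinstance(value, bool) or not isinstance(value, int) or value <= 0:
            return default
        return min(value, MAX_ALLOWED[variable])
    if variable == "max_oauth_token_behaviour":
        return value if isinstance(value, str) and value in ALLOWED_BEHAVIOURS else default
    return value if isinstance(value, str) else default


def resolve_settings(custom_json):
    """Mirror the per-client section of the policy: start from the global
    defaults, then for each setting check client_key_custom first and
    client_custom second. The first scope that holds the value wins, which is
    why the Client Key Custom field takes precedence over Client Custom."""
    document = json.loads(custom_json) if custom_json and custom_json.strip() else {}
    effective = dict(GLOBAL_DEFAULTS)
    for variable, json_path in SETTING_PATHS.items():
        for scope in ("client_key_custom", "client_custom"):
            extracted = evaluate_json_path(document, "$.%s.%s" % (scope, json_path))
            if extracted["found"]:
                effective[variable] = sanitise(variable, extracted["result"])
                break
    return effective


if __name__ == "__main__":
    print(resolve_settings(CUSTOM_JSON))
    # A $.. deep scan hits both scopes; .result is only the first match in document order.
    print(evaluate_json_path(json.loads(CUSTOM_JSON),
                             "$..lifetimes.oauth2_access_token_lifetime_sec"))
```

Running the block shows the client key's 600-second lifetime and token count of 3 overriding the client's 7200 and 7, while max_token_behaviour, which the key does not set, falls through to the client's "cycle". The deep-scan call returns two results with 7200 first, which is the reason the scoped $.client_key_custom.… / $.client_custom.… paths, checked in that order, are used for the override rather than a single $.. expression.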