From bcb006f83ac00d166891a3a72ca299629257fb93 Mon Sep 17 00:00:00 2001
From: Thisal Tennakoon <42693357+thisaltennakoon@users.noreply.github.com>
Date: Wed, 2 Oct 2024 09:07:54 +0530
Subject: [PATCH] Added configs to enable re-try call with new OAuth token when the existing token is revoked/invalid (#13539)

* Added configs to enable re-try call with new OAuth token when the existing token is revoked/invalid
---
.../repository/conf/synapse.properties.j2 | 4 +-
.../api_templates/endpoint_template.xml | 44 +++++++++++++++++++
.../api_templates/velocity_template.xml | 6 +--
3 files changed, 50 insertions(+), 4 deletions(-)
diff --git a/modules/distribution/product/src/main/resources/conf/templates/repository/conf/synapse.properties.j2 b/modules/distribution/product/src/main/resources/conf/templates/repository/conf/synapse.properties.j2
index 5233040687..42ad5d6752 100644
--- a/modules/distribution/product/src/main/resources/conf/templates/repository/conf/synapse.properties.j2
+++ b/modules/distribution/product/src/main/resources/conf/templates/repository/conf/synapse.properties.j2
@@ -22,4 +22,6 @@ synapse.artifacts.file.storage.enabled=false {% endif %} {% endif %}
-
+{% if apim.mediator_config.oauth.enable_retry_call_with_new_token && apim.redis_config is defined %}
+token.cache.class=org.wso2.carbon.apimgt.gateway.mediators.oauth.RedisTokenCache
+{% endif %}
diff --git a/modules/distribution/resources/api_templates/endpoint_template.xml b/modules/distribution/resources/api_templates/endpoint_template.xml
index be0c512b1c..400d493e2a 100644
--- a/modules/distribution/resources/api_templates/endpoint_template.xml
+++ b/modules/distribution/resources/api_templates/endpoint_template.xml
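Review bot: In synapse.properties.j2 the new `{% if %}` sets `token.cache.class` only when both the retry flag and `apim.redis_config` are present, and nothing in the template says which cache is used when the flag is on without Redis, or that the class name implies backend OAuth tokens are then held in a shared Redis store. A template comment above the block would cover it, for example `{# RedisTokenCache keeps backend OAuth tokens in Redis; needs apim.redis_config, otherwise the default token cache applies #}`, with the fallback wording confirmed against the mediator since it is not visible here. Separately, standard Jinja2 spells the conjunction `and`; `&&` is accepted only by renderers that extend the expression grammar, so `enable_retry_call_with_new_token and apim.redis_config is defined` is the portable form.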
@@ -90,6 +90,50 @@ #timeout( $ep.get('config') )
+#if($enableRetryCallWithNewOauthToken)
+ #set( $endpointSecurity = $endpoint_security.get($type) )
+ #if($endpointSecurity.type == "oauth" || $endpointSecurity.type == "OAUTH")
+
+
+ #if($endpointSecurity.grantType == "client_credentials" || $endpointSecurity.grantType == "CLIENT_CREDENTIALS")
+ #set($grantType = "clientCredentials")
+ #elseif($endpointSecurity.grantType == "password" || $endpointSecurity.grantType == "PASSWORD")
+ #set($grantType = "passwordCredentials")
+ #end
+
+ <$grantType>
+ #if($grantType == "passwordCredentials")
+ $util.escapeXml($endpointSecurity.username)
+ #if($isSecureVaultEnabled)
+ {wso2:vault-lookup('$endpointSecurity.passwordAlias')}
+ #else
+ $util.escapeXml($endpointSecurity.password)
+ #end
+ #end
+ $util.escapeXml($endpointSecurity.clientId)
+ #if($isSecureVaultEnabled)
+ {wso2:vault-lookup('$endpointSecurity.clientSecretAlias')}
+ #else
+ $util.escapeXml($endpointSecurity.clientSecret)
+ #end
+ $util.escapeXml($endpointSecurity.tokenUrl)
+ $util.escapeXml($endpointSecurity.connectionTimeoutDuration)
+ $util.escapeXml($endpointSecurity.connectionRequestTimeoutDuration)
+ $util.escapeXml($endpointSecurity.socketTimeoutDuration)
+ #set($requestParametersMap = $util.jsonStringToMap($endpointSecurity.customParameters))
+ #if($requestParametersMap.size() > 0)
+
+ #foreach($entry in $requestParametersMap.entrySet())
+ $util.escapeXml($entry.value)
+ #end
+
+ #end
+
+
+
+
+ #end
+#end
diff --git a/modules/distribution/resources/api_templates/velocity_template.xml b/modules/distribution/resources/api_templates/velocity_template.xml
index b4d4071d82..be533fe620 100644
--- a/modules/distribution/resources/api_templates/velocity_template.xml
+++ b/modules/distribution/resources/api_templates/velocity_template.xml
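Review bot: In endpoint_template.xml `$grantType` is assigned only for the `client_credentials` and `password` grant types, so for any other value the `<$grantType>` line is emitted unresolved or, if the variable survives from an earlier rendering of this block for another `$type`, with that endpoint's grant type. Clearing it first with `#set($grantType = "")` and wrapping the credential section in `#if($grantType != "")` would stop one endpoint from inheriting another's credential layout. The two `{wso2:vault-lookup('…')}` lines also place `$endpointSecurity.passwordAlias` and `$endpointSecurity.clientSecretAlias` inside a single-quoted expression without the `$util.escapeXml` call used on every neighbouring value; if an alias can ever contain a quote or brace the lookup expression breaks, so it should be escaped here or constrained where the alias is generated. The enclosing template block starts and ends outside this hunk.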
@@ -75,7 +75,7 @@ #else
- #if($endpointsecurity.type == "oauth" || $endpointsecurity.type == "OAUTH")
+ #if(!($enableRetryCallWithNewOauthToken && $endpointClass == "http") && ($endpointsecurity.type == "oauth" || $endpointsecurity.type == "OAUTH"))
@@ -367,12 +367,12 @@ $out_sequences.get("$resource.getUriTemplate()").get($uri) #if( $endpoint_config.get("endpoint_type") != 'sequence_backend' )
- #if($endpointSecurityProd.clientId && ($endpointSecurityProd.type == "oauth" || $endpointSecurityProd.type == "OAUTH"))
+ #if(!($enableRetryCallWithNewOauthToken && $endpointClass == "http") && $endpointSecurityProd.clientId && ($endpointSecurityProd.type == "oauth" || $endpointSecurityProd.type == "OAUTH"))
 #end
- #if($endpointSecuritySand.clientId && ($endpointSecuritySand.type == "oauth" || $endpointSecuritySand.type == "OAUTH"))
+ #if(!($enableRetryCallWithNewOauthToken && $endpointClass == "http") && $endpointSecuritySand.clientId && ($endpointSecuritySand.type == "oauth" || $endpointSecuritySand.type == "OAUTH"))
 #end
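Review bot: The guard `!($enableRetryCallWithNewOauthToken && $endpointClass == "http")` is repeated verbatim in all three changed `#if` lines of velocity_template.xml (one in the hunk at line 75, the production and sandbox ones in the hunk at line 367), and it has to stay in step with the block added to endpoint_template.xml, which in this patch tests only `$enableRetryCallWithNewOauthToken`. Computing it once, e.g. `#set($oauthHandledByEndpoint = $enableRetryCallWithNewOauthToken && $endpointClass == "http")`, and testing `!$oauthHandledByEndpoint` in the three places removes the chance that one copy drifts. The case worth a test is an `http` endpoint with the flag on for which the endpoint template emits no OAuth section (for example a grant type it does not map): whatever these conditions guard is skipped, so the backend call may go out with no token attached. The statements inside the three `#if` blocks are not visible on this page.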