Apigee Console To Go Fails with 401 Apigee Platform Proxy Configured to use Oauth 2.0

StackOverflow https://stackoverflow.com/questions/20137427

  •  03-08-2022

Question

We are using Apigee Platform to host our APIs. Our API proxy in Apigee is configured to use OAuth 2.0 client_credentials and implicit grant types.

We are creating a Console To Go to provide a testing console for our APIs to developers, and configured the console to use the OAuth 2.0 Implicit Grant Flow.

When we test the actual calls, we always get 401 from Apigee. Here is the response:

HTTP/1.1 401 API is secure. Needs security Credentials
WWW-Authenticate: Bearer realm="null",error='invalid_token",error_description='oauth.v2.InvalidAccessToken: Invalid access token"
Content-Length:101
Content-Type:application/json

{
 "fault":  {
 "faultstring": "Invalid access token",
 "detail":  {
  "errorcode": "oauth.v2.InvalidAccessToken"
  }
  }
}

The actual request that was sent to our API was:

GET /whodini/v1/discovery?email=puneet%40whodini.com HTTP/1.1
Authorization: OAuth M********N (Masked for security)
Host: whodiniinc-test.apigee.net
X-Target-URI: http://whodiniinc-test.apigee.net
Connection: Keep-Alive

The ValidateAccessToken policy of Apigee looks for the token value in the Authorization: Bearer {token} header, and my suspicion is that it fails with 401 because the actual request made by Console To Go contains Authorization: OAuth {token}.

Is there any way to:

  1. Control the Authorization header value while using the OAuth Implicit Grant Flow, so that while making API calls Console To Go uses Authorization: Bearer M********N instead of Authorization: OAuth M********N
  2. Add a rule in the ValidateAccessToken policy of the Apigee proxy so that it interprets Authorization: OAuth M********N (Masked for security)

Solution

Please follow the below steps to resolve your issue:

  1. Go to https://apigee.com/togo
  2. Login
  3. Select OAuth 2.0 Implicit Grant Flow (User Agent)
  4. Select 'Draft Version' as '14 or later'
  5. Click 'Save Credentials' button

Hope this helps. Please let me know if you have any further questions.

Thanks, Archendra
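
The scheme mismatch suspected in the question can be confirmed from a captured request/response pair before changing any console or policy setting. The following is an added example, not part of the original question or answer; the sample messages are constructed from the ones shown above, with a placeholder token and normalized quoting, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the request/response in the question;
# the token value is a placeholder, not a real credential.
REQUEST = (
    "GET /whodini/v1/discovery?email=puneet%40whodini.com HTTP/1.1\r\n"
    "Authorization: OAuth PLACEHOLDER_TOKEN\r\n"
    "Host: whodiniinc-test.apigee.net\r\n\r\n"
)
RESPONSE = (
    "HTTP/1.1 401 API is secure. Needs security Credentials\r\n"
    'WWW-Authenticate: Bearer realm="null",error="invalid_token"\r\n'
    "Content-Type: application/json\r\n\r\n"
)

def headers(message):
    """Parse the header block of a raw HTTP message into a lowercase-keyed dict."""
    head = message.split("\r\n\r\n", 1)[0]
    out = {}
    for line in head.split("\r\n")[1:]:  # skip the request/status line
        name, sep, value = line.partition(":")
        if sep:
            out[name.strip().lower()] = value.strip()
    return out

def auth_scheme(value):
    """Split an Authorization or WWW-Authenticate value into (scheme, rest)."""
    m = re.match(r"([!#$%&'*+.^_`|~0-9A-Za-z-]+)(?:\s+(.*))?$", value or "")
    return (m.group(1), m.group(2) or "") if m else (None, "")

def diagnose(request, response):
    """Compare the scheme the client sent with the scheme in the 401 challenge.

    The token itself is never included in the returned message.
    """
    sent, credential = auth_scheme(headers(request).get("authorization"))
    wanted, _ = auth_scheme(headers(response).get("www-authenticate"))
    if sent is None:
        return "no Authorization header sent"
    if not credential:
        return f"scheme {sent!r} sent without a token"
    if wanted and sent.lower() != wanted.lower():  # scheme names are case-insensitive
        return f"scheme mismatch: sent {sent!r}, server expects {wanted!r}"
    return "scheme matches; the token itself was rejected"

if __name__ == "__main__":
    print(diagnose(REQUEST, RESPONSE))
```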

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow