Send Docs Feedback

Set OAuth V2 Info policy


Lets you add or update custom attributes associated with an access token, refresh token, or authorization code. Custom attributes might include things like department name, a customer ID, or a session identifier. See also Customizing tokens and auth codes.

You can only add or modify custom attributes. You cannot use this policy to change fields like scope, status, expires_in, developer_email, client_id, org_name, or refresh_count. If an attribute already exists, this policy updates it. If it does not exist, the policy adds it. The access token referenced must be valid and in an approved state.



This policy can be attached in the following locations. See the Samples for specific attachment guidance in different situations.

ProxyEndpoint TargetEndpoint
    PreFlow Flow PostFlow PreFlow Flow PostFlow    
    PostFlow Flow PreFlow PostFlow Flow PreFlow    


Below is an example policy used to update an OAuth 2.0 access token. The example below locates the access token on the request message by looking for a query parameter called access_token. When an access token is presented by a client app, the policy below will locate the access token in the query parameter. It will then update the access token's profile. It adds a custom property called to the profile. 

<SetOAuthV2Info name="SetOAuthV2Info"> 
  <AccessToken ref="request.queryparam.access_token"></AccessToken>
    <Attribute name="" ref="request.queryparam.department_id"></Attribute>

If an attribute already exists in the access token profile, then it will be updated with the new value in the policy. If an attribute does not exist, then the attribute will be added to the access token's profile.

Element Reference

The element reference describes the elements and attributes of the SetOAuthV2 policy.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<SetOAuthV2Info async="false" continueOnError="false" enabled="true" name="SetOAuthV2Info-1">    
    <DisplayName>Set OAuth v2.0 Info 1</DisplayName>
    <AccessToken ref={some-variable}></AccessToken>

<SetOAuthV2Info> attributes

<SetOAuthV2Info async="false" continueOnError="false" enabled="true" name="Set-OAuth-v20-Info-1">

The following attributes are common to all policy parent elements.

Attribute Description Default Presence

The internal name of the policy. Characters you can use in the name are restricted to: A-Z0-9._\-$ %. However, the Edge management UI enforces additional restrictions, such as automatically removing characters that are not alphanumeric.

Optionally, use the <DisplayName> element to label the policy in the management UI proxy editor with a different, natural-language name.

N/A Required

Set to false to return an error when a policy fails. This is expected behavior for most policies.

Set to true to have flow execution continue even after a policy fails.

false Optional

Set to true to enforce the policy.

Set to false to "turn off" the policy. The policy will not be enforced even if it remains attached to a flow.

true Optional

This attribute is deprecated.

false Deprecated

<DisplayName> element

Use in addition to the name attribute to label the policy in the management UI proxy editor with a different, natural-language name.

<DisplayName>Policy Display Name</DisplayName>


If you omit this element, the value of the policy's name attribute is used.

Presence: Optional
Type: String


<AccessToken> element

Identifies the variable where the access token is located. For example, if the access token is attached to request message as a query parameter, specify request.queryparam.access_token. You can use any valid variable that references the token. Or, could pass in the literal token string (rare case).

 <AccessToken ref="request.queryparam.access_token"></AccessToken>
Default: N/A
Presence: Required
Type: String


Attribute Description Default Presence

An access token variable. Typically, retrieved from a flow variable.

N/A Optional

<Attributes> element

A set of attributes in the access token profile that will be modified or augmented.

Default: N/A
Presence: Required
Type: N/A

<Attributes>/<Attribute> element

An individual attribute to update.

The name attribute identifies the custom property of the access token profile to be updated. This example shows how to use a referenced variable value and a static value. 

    <Attribute name="" ref="request.queryparam.department_id"></Attribute>
    <Attribute name="foo">bar</Attribute>
Default: N/A
Presence: Optional
Type: N/A


Attribute Description Default Presence
name The name of the profile attribute to add or change. N/A  

The value to assign to the profile attribute.

N/A Optional


Flow variables

On success, the following flow variables will be set:

  • oauthv2accesstoken.{policyName}.access_token
  • oauthv2accesstoken.{policyName}.client_id
  • oauthv2accesstoken.{policyName}.refresh_count
  • oauthv2accesstoken.{policyName}.organization_name
  • oauthv2accesstoken.{policyName}.expires_in
  • oauthv2accesstoken.{policyName}.refresh_token_expires_in
  • oauthv2accesstoken.{policyName}.issued_at
  • oauthv2accesstoken.{policyName}.status
  • oauthv2accesstoken.{policyName}.api_product_list
  • oauthv2accesstoken.{policyName}.token_type
  • oauthv2accesstoken.{policyName}.{custom_attribute_name}

On failure, following variable will be set:

  • oauthv2accesstoken.{policyName}.failed: true


Each policy type is defined by an XML schema (.xsd). For reference, policy schemas are available on GitHub.

Error codes

No error codes are specified for the Set OAuthV2 Info policy.

Related topics

Help or comments?