CA API Developer Portal: Customize OAuth Error Response

Document ID : KB000118915
Last Modified Date : 02/11/2018
Question:
When a portal-published API is protected with OAuth, the HTTP status returned on error is generic, e.g. 400 Bad Request.
How can this be set to the actual return code, such as 401 Unauthorized?
Answer:
The error is returned in the "Standard Policy Template Fragment - OAuth 2.0" template, specifically by the 'Customize Error Response' assertion.

To change this to the response provided by the 'OTK Require OAuth 2.0 Token' assertion, follow the steps below.
This assertion is responsible for accepting and validating tokens, and it outputs a variable, ${Status}, containing the error code returned.

1) Find the 'Customize Error Response' assertion, located near line 126 in the policy.
2) In the assertion properties, change the field "Response HTTP Status" to ${status}.
3) Save and activate the policy.
4) Right-click the "Standard Policy Template Fragment - OAuth 2.0" encapsulated assertion and select 'Encapsulated Assertion Properties'.
5) In the Outputs section, add the name Status.