Skip to content

Fix token exchange example and add endpoint note (#11155) #11156

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Rami2212 wants to merge 1 commit into
base: 4.7.0
Choose a base branch
from
+8 −4
Open

Fix token exchange example and add endpoint note (#11155) #11156

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 8 additions & 4 deletions ...ocs/api-gateway/policies/passing-a-custom-authorization-token-to-the-backend.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,11 @@ Here's a summary:
| Version | 1.0.0 |
| Endpoint | http://wso2cloud-custom-auth-header-sample-1-0-0.wso2apps.com/custom-auth-header/validate-header |

3. Navigate to the **API Configurations** --> **Policies** tab. Create a new policy with the information given in the table below by following the instructions in [Create a Policy]({{base_path}}/api-design-manage/design/api-policies/create-policy/).
> ⚠️ Note:
> The sample endpoint used in this tutorial may not be active or reachable.
> It is recommended to use your own backend service or a mock server to test this functionality.
Comment on lines +38 to +40
Copy link

Copilot AI Apr 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Docs elsewhere use MkDocs-style admonitions (e.g., !!! note, !!! warning). This new blockquote-style note (with ⚠️) is inconsistent and may render differently or break list formatting; consider converting it to an admonition (!!! note/!!! warning) using the same style as other pages.

Copilot uses AI. Check for mistakes.

4. Navigate to the **API Configurations** --> **Policies** tab. Create a new policy with the information given in the table below by following the instructions in [Create a Policy]({{base_path}}/api-design-manage/design/api-policies/create-policy/).
Copy link

Copilot AI Apr 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The ordered list numbering is now inconsistent: after step 2, the next item is labeled as step 4. This also causes later step references to be ambiguous. Please renumber this item (and subsequent items) or switch to Markdown auto-numbering to keep the sequence correct.

Copilot uses AI. Check for mistakes.

| Section | Field | Sample Value |
|---------------------------|-------------------|-----------------------|
Comment on lines +42 to 45
Copy link

Copilot AI Apr 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR description says the mediation example was updated to use CustomValue instead of reusing Custom, but the Step 1 tokenExchange.j2 sequence in this same document still sets Authorization from get-property('Custom') after overwriting Custom. Please update the snippet to use a separate property (e.g., CustomValue) and read Authorization from that value, as described in #11155.

Copilot uses AI. Check for mistakes.
Expand All @@ -47,15 +51,15 @@ Here's a summary:
| Gateway Specific Details | Policy File | `tokenExchange.j2` file you created |
| Policy Attributes | N/A | N/A |

4. Next, find the **Custom Authorization Token** policy that you just created by following Step 3, from the `Request` tab of the policy list. Drag and drop this policy to the desired API operation(s) by following the instructions in [Attach Policies]({{base_path}}/api-design-manage/design/api-policies/attach-policy/).
5. Next, find the **Custom Authorization Token** policy that you just created by following Step 3, from the `Request` tab of the policy list. Drag and drop this policy to the desired API operation(s) by following the instructions in [Attach Policies]({{base_path}}/api-design-manage/design/api-policies/attach-policy/).
Copy link

Copilot AI Apr 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This step still says "following Step 3", but after the inserted note the preceding step is labeled as step 4 (and there is no visible step 3). Update the step reference to match the corrected numbering to avoid confusing readers.

Copilot uses AI. Check for mistakes.

[![Custom Authorization Token Policy]({{base_path}}/assets/img/design/api-policies/custom-authorization-token-policy.png)]({{base_path}}/assets/img/design/api-policies/custom-authorization-token-policy.png)

5. Finally, scroll down and click on the **Save** button in order to apply the attached policies to the API.
6. Finally, scroll down and click on the **Save** button in order to apply the attached policies to the API.

[![Disable Chunking]({{base_path}}/assets/img/design/api-policies/save-api-for-custom-authorization-token-policy.png)]({{base_path}}/assets/img/design/api-policies/save-api-for-custom-authorization-token-policy.png)

6. Make sure to navigate to the **Deployments** tab and click on **Deploy New Revision** button. Also, if the API is not in `PUBLISHED` state, navigate to the **Lifecycle** tab and publish your API.
7. Make sure to navigate to the **Deployments** tab and click on **Deploy New Revision** button. Also, if the API is not in `PUBLISHED` state, navigate to the **Lifecycle** tab and publish your API.

5. Go to the **Developer Portal**, subscribe and obtain a token to invoke the published API.

Expand Down
Loading