OAuth API changes in Mashery Local 5

The OAuth API in Mashery Local 5.0 has been modified to be consistent with the TIBCO Cloud™ Mashery OAuth API. This introduces a few differences from the Mashery Local 4.x OAuth API. These differences are listed below.

Null Values in Responses

In Mashery Local 4.x OAuth API, if the value of an attribute is not available in the response, the attribute itself is not included.

In Mashery Local 5.0 OAuth API, the response may include null values when a value is not available, to match the response of the TIBCO Cloud™ Mashery API.

For example, here is a response for Mashery Local 5 OAuth createAccessToken API when the scope, state, uri and extended attribute values are not present:
{
    "jsonrpc":"2.0",
    "result":{
        "return_type":"json",
        "access_token":"5f8f5cv6pcw8fh48y9nhvtmv",
        "token_type":"bearer",
        "expires_in":86400,
        "refresh_token":"edcv2npr3furqsnscpn795t9",
        "scope":null,
        "state":null,
        "uri":null,
        "extended":null
    },
    "id":1
}

Error Responses

In Mashery Local 4.x OAuth API, an error response example is:
{ 
    "jsonrpc":"2.0",
    "id":1,
    "error":{ 
        "message":"Invalid Access Token",
        "data":{ 
            "error":"invalid_request",
            "error_description":"Invalid Access Token"
        },
        "code":-2001
    }
}
In Mashery Local 5.0 OAuth API, the response format is:
{ 
    "jsonrpc":"2.0",
    "error":{ 
        "message":"Invalid Access Token",
        "code":-2001,
        "error":{ 
            "error":"invalid_request",
            "error_description":"Invalid Access Token",
            "error_response":…
        }
    }
}
Note the schema difference: error.error.{…} in Mashery Local 5.0 OAuth API versus error.data.{…} in Mashery Local 4.x OAuth API.

Invalid Client request

In Mashery Local 4.x OAuth API, the response for an invalid client request is InvalidClientException, which results in status code 403 and error code 4000.

In Mashery Local 5.0 OAuth API, the responses for invalid client request are now consistent with the TIBCO Cloud™ Mashery API and return status code 400 or 403 as appropriate and error code -2001.

In Mashery Local 4.x OAuth API, the error message indicates specifically which parameter is missing.

In Mashery Local 5.0 OAuth API, a generic error message is returned when there is a missing parameter.

Method specific differences

In Mashery Local 4.x OAuth API, responseType is a required parameter. In Mashery Local 5.0 OAuth API, this is optional.

In Mashery Local 4.x OAuth API, the response for invalid redirect URL uses error message "Invalid redirect_uri". In Mashery Local 5.0 OAuth API, the response uses "Invalid redirect_url".

In Mashery Local 4.x OAuth API, the fetchAccessToken response uses the date format "yyyy-MM-dd GMT HH:mm:ss +0000".

In Mashery Local 5.0 OAuth API, the fetchAccessToken response uses the date format "yyyy-MM-dd'T'HH:mm:ss'Z'".

In Mashery Local 5.0 OAuth API, responseType validation is updated for fetchApplication to match response of TIBCO Cloud™ Mashery API.

In Mashery Local 5.0 OAuth API, an invalid client results in an error with code -2001.
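
The following Python code is an added example, not code from TIBCO or from Mashery Local. It shows one way a client can accept both the 4.x and 5.0 shapes described above: error.data versus error.error nesting, null versus omitted attributes, and the two fetchAccessToken date formats. The function names normalize and parse_token_date are hypothetical, and the sample payloads are trimmed copies of the responses on this page.

```python
import json
from datetime import datetime, timezone

# strptime equivalents of the two fetchAccessToken date patterns on this page.
DATE_FORMATS = (
    "%Y-%m-%dT%H:%M:%SZ",           # 5.0: yyyy-MM-dd'T'HH:mm:ss'Z'
    "%Y-%m-%d GMT %H:%M:%S +0000",  # 4.x: yyyy-MM-dd GMT HH:mm:ss +0000
)

def parse_token_date(value):
    """Parse a date string in either format into an aware UTC datetime."""
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised date format: {value!r}")

def normalize(raw):
    """Return ("error", details) or ("ok", result) for a 4.x or 5.0 reply."""
    msg = json.loads(raw)
    err = msg.get("error")
    if err is not None:
        # OAuth details sit under error.error in 5.0 and error.data in 4.x.
        detail = err.get("error") or err.get("data") or {}
        return "error", {
            "code": err.get("code"),
            "message": err.get("message"),
            "oauth_error": detail.get("error"),
            "description": detail.get("error_description"),
        }
    # 5.0 sends null where 4.x omitted the attribute; drop nulls so that
    # a check such as `"scope" in result` behaves the same on both versions.
    result = msg.get("result") or {}
    return "ok", {k: v for k, v in result.items() if v is not None}

# Constructed samples, trimmed from the responses shown on this page.
ERR_4X = ('{"jsonrpc":"2.0","id":1,"error":{"message":"Invalid Access Token",'
          '"data":{"error":"invalid_request","error_description":'
          '"Invalid Access Token"},"code":-2001}}')
ERR_50 = ('{"jsonrpc":"2.0","error":{"message":"Invalid Access Token",'
          '"code":-2001,"error":{"error":"invalid_request",'
          '"error_description":"Invalid Access Token"}}}')
OK_50 = ('{"jsonrpc":"2.0","result":{"access_token":"5f8f5cv6pcw8fh48y9nhvtmv",'
         '"token_type":"bearer","expires_in":86400,"scope":null,"state":null},"id":1}')

if __name__ == "__main__":
    print(normalize(ERR_4X) == normalize(ERR_50))
    print(normalize(OK_50))
```

A client that reads only error.data, or that treats the presence of a key such as scope as meaning a value was granted, would misread a 5.0 response; normalizing first keeps those checks version-independent.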