Working with Identities in PayPal

Overview

The following operations allow you to work with Identities to grant access tokens and to retrieve a user's profile.. Click an operation name to see details on how to use it.

For a sample proxy service the illustrates how to work with identities, see Sample configuration.

Operation	Description
`grantTokenFromAuthorization`	Grants a new access token using the previously obtained authorization code
`grantTokenFromRefreshToken`	Grants a new access token using a refresh token
`getUserInformation`	Retrieves a user's profile attributes

Operation details

This section provides details on each of the operations.

Granting a token from the authorization code

Use this operation to grant a new access token using the previously obtained authorization code.

grantTokenFromAuthorization

<paypal.grantTokenFromAuthorization>
	<clientId>{$ctx:clientId}</clientId>
    <clientSecret>{$ctx:clientSecret}</clientSecret>
    <grantType>{$ctx:grantType}</grantType>
    <code>{$ctx:code}</code>
    <redirectUri>{$ctx:redirectUri}</redirectUri>
</paypal.grantTokenFromAuthorization>

Properties

clientId: Optional - Unique client identifier obtained through the application registration process.
clientSecret: Optional - Unique client secret key obtained through the application registration process.
grantType: Required - Token grant type. This value must be set tot authorization_code.
code: Optional - Authorization code previously received from the authorization server.
redirectUri: Optional - Redirection endpoint.

Sample request

Following is a sample REST request that can be handled by the grantTokenFromAuthorization operation.

Sample request for grantTokenFromAuthorization

{
"apiUrl":"https://api.sandbox.paypal.com",
"clientId":"AazsdhAqKoo7e-CaKAnCfXACwJcCPW-J5VraF2USZXPSjtuKGczJI8qIKu88",
"clientSecret":"EKCVQRCq5aj6SwNGX6UYv30Z7PTQNf8CmBmtWzPaPrQYC9-Us8nY1xF7pfdz",
"grantType":"authorization_code",
"code":"123",
"redirectUri":"www.google.com"
}

Granting a token from a refresh token

Use this operation to grant a new access token using a refresh token.

grantTokenFromRefreshToken

<paypal.grantTokenFromRefreshToken>
	<clientId>{$ctx:clientId}</clientId>
    <clientSecret>{$ctx:clientSecret}</clientSecret>
    <grantType>{$ctx:grantType}</grantType>
    <refreshToken>{$ctx:refreshToken}</refreshToken>
    <scope>{$ctx:scope}</scope>
</paypal.grantTokenFromRefreshToken>

Properties

clientId: Required - Unique client identifier obtained through the application registration process.
clientSecret: Required - Unique client secret key obtained through the application registration process.
grantType: Required - Token grant type. This value must be set to refresh_token.
refreshToken: Required - Refresh token previously received along with the access token that is to be refreshed.
scope: Optional - Resource URL endpoints that the client wants the token to be scoped for. The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings. These scope values must be a subset of the scopes originally granted by the resource owner. The following table provides a list of possible values. Note that when specifying the scope, you must always specify openid in addition to the other scope values.

User attribute	My apps form category	Scope value
None	Basic Authentication	`openid`
Full name	Personal Information	`profile`
Date of birth	Personal Information	`profile`
Age range	Personal Information	`https://uri.paypal.com/services/paypalattributes`
Email address	Address Information	`email`
Street address	Address Information	`address`
City	Address Information	`address`
State	Address Information	`address`
Country	Address Information	`address`
Zip code	Address Information	`address`
Phone	Address Information	`phone`
Account status (verified)	Account Information	`https://uri.paypal.com/services/paypalattributes`
Acount type	Account Information	`https://uri.paypal.com/services/paypalattributes`
Account creation date	Account Information	`https://uri.paypal.com/services/paypalattributes`
Time zone	Account Information	`profile`
Locale	Account Information	`profile`
Language	Account Information	`profile`
Use Seamless Checkout	Additional PayPal permissions	`https://uri.paypal.com/services/expresscheckout`
Gender		`profile`

Sample request

Following is a sample REST request that can be handled by the grantTokenFromRefreshToken operation.

Sample request for grantTokenFromRefreshToken

{
"apiUrl":"https://api.sandbox.paypal.com",
"clientId":"AazsdhAqKoo7e-CaKAnCfXACwJcCPW-J5VraF2USZXPSjtuKGczJI8qIKu88",
"clientSecret":"EKCVQRCq5aj6SwNGX6UYv30Z7PTQNf8CmBmtWzPaPrQYC9-Us8nY1xF7pfdz",
"grantType":"refresh_token",
"refreshToken":"wqdI69Yfsu3ShU2IShvd2d",
"scope":"profile email address"
}

Getting user information

Use this operation to retrieve user profile attributes.

getUserInformation

<paypal.getUserInformation>
	<schema>{$ctx:schema}</schema>
</paypal.getUserInformation>

Properties

schema: The schema that is used to return as per open ID connect protocol. Currently, the only supported value is openid.

Sample request

Following is a sample REST request that can be handled by the getUserInformation operation.

Sample request for getUserInformation

{
  "apiUrl":"https://api.sandbox.paypal.com",
  "accessToken":"V4saEx7w-XMcoECtx7GmlISJxVLXKRdDTYd7adW864M",
  "schema":"openid"
}

Sample configuration

Following is a sample proxy service that illustrates how to connect to PayPal with the init operation and use the grantTokenFromAuthorization operation. The sample request for this proxy can be found in grantTokenFromAuthorization sample request. You can use this sample as a template for using other operations in this category.

As a best practice, create a separate sequence for handling the response payload for errors. In the following sample, this sequence is "faultHandlerSeq".

Sample Proxy

<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="PayPal_grantTokenFromAuthorization"
       transports="https,http"
       statistics="disable"
       trace="disable"
       startOnLoad="true">
   <target>
      <inSequence onError="faultHandlerSeq">
         <property name="apiUrl" expression="json-eval($.apiUrl)"/>
         <property name="clientId" expression="json-eval($.clientId)"/>
         <property name="clientSecret" expression="json-eval($.clientSecret)"/>
         <property name="grantType" expression="json-eval($.grantType)"/>
         <property name="code" expression="json-eval($.code)"/>
         <property name="redirectUri" expression="json-eval($.redirectUri)"/>
         <paypal.init>
            <apiUrl>{$ctx:apiUrl}</apiUrl>
         </paypal.init>
         <paypal.grantTokenFromAuthorization>
            <clientId>{$ctx:clientId}</clientId>
            <clientSecret>{$ctx:clientSecret}</clientSecret>
            <grantType>{$ctx:grantType}</grantType>
            <code>{$ctx:code}</code>
            <redirectUri>{$ctx:redirectUri}</redirectUri>
         </paypal.grantTokenFromAuthorization>
         <filter source="$axis2:HTTP_SC" regex="^[^2][\d][\d]">
            <then>
               <property name="ERROR_CODE" expression="$axis2:HTTP_SC"/>
               <switch source="$axis2:HTTP_SC">
                  <case regex="401">
                     <property name="ERROR_MESSAGE" value="Unauthorized"/>
                  </case>
                  <case regex="404">
                     <property name="ERROR_MESSAGE" value="Not Found"/>
                  </case>
                  <case regex="400">
                     <property name="ERROR_MESSAGE" value="Bad Request"/>
                     <property name="error_description" expression="json-eval($.error_description)"/>
                  </case>
               </switch>
               <sequence key="faultHandlerSeq"/>
            </then>
         </filter>
         <respond/>
      </inSequence>
      <outSequence>
         <send/>
      </outSequence>
   </target>
   <description/>
</proxy>