How to add AWS Auth to open api spec? - amazon-web-services

I am writing API specs for a service that requires AWS auth. But I can't find any information as to how to add this authentication in the specs. (What I did find was this: https://support.smartbear.com/swaggerhub/docs/integrations/amazon-api-gateway.html, which seems to need you to integrate with AWS. But I do not want/need any such integration. My API spec is only supposed to be documentation for how a user is supposed to use them.)

Related

google api key gets 401

I am trying to call some endpoints on google cloud build but I just get 401 and I am wondering how to fix this? In the end, I want to curl but if the website is not working, there is truly something wrong! Here is the picture
Only a group of API services/products on Google Cloud Platform support API keys without more authentication methods (OAuth). You can find these specific services here. On the same page that you posted, if you go down in the documentation there should be an "Authorization Scopes" section listing the required OAuth scopes that the API requires; if so, it means OAuth is needed in order to use the service.
I looked at the Cloud Build REST API doc and indeed I can see OAuth is required, in addition to not being listed here. You need to implement OAuth for this specific service (Cloud Build API).

How to access the JHipster API when authentication is managed by Keycloak

I've built a JHipster application with oauth2 authentication. The latter is implemented by Keycloak through the generated docker-compose file.
Everything works fine in the browser for "human" users. But I need to make some external programs use the API while being authenticated.
So I started to simulate direct access to API with Postman. I read about XSRF-TOKEN cookie. But to be frank, I don't understand the process of authentication.
Can anyone explain how to perform authenticated requests to the JHipster API regarding Keycloak?
Maybe it isn't the appropriate approach: I also read about implementing a Configuration based on another authentication mechanism, that should be used for controllers exposed on a different endpoint.
Any help figuring out all of that would be really appreciated!
You need machine-to-machine authentication. Generally OpenID Connect (OIDC) offers the client credentials flow for this case. So in theory you just enable it in the Keycloak client configuration and you may use it. But it depends on your API auth implementation. Your API very likely uses a different OIDC flow for humans and it may not be ready for the client credentials flow.
I got it working: Jan's tip showed me the way.
Mainly I followed this tutorial.
The solution would be to add a client configured with Standard flow, Service account and Authorization enabled. Then I added the JHipster client scope provided by the generated docker-compose setup.
Once that was configured, I configured the request to use the OAuth2 authentication. I filled the configuration form for token request according to the tutorial. And I was good to go!
Many thx!
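The machine-to-machine flow discussed in this thread, as an added example that is not part of the original posts: an external program obtains a token from Keycloak with the client credentials grant, caches it until shortly before expiry, and sends it to the API as a Bearer header. The base URLs, realm name, client id, secret and API path are assumptions used for illustration; the token endpoint path is the one used by current Keycloak releases (older ones prefix it with `/auth`).

```python
import json
import time
import urllib.parse
import urllib.request

def token_request(keycloak_url, realm, client_id, client_secret):
    """Build the client credentials grant (RFC 6749 section 4.4) for Keycloak."""
    url = (f"{keycloak_url.rstrip('/')}/realms/{urllib.parse.quote(realm, safe='')}"
           "/protocol/openid-connect/token")
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,          # hypothetical service-account client
        "client_secret": client_secret,  # keep out of source control
    }).encode()
    return urllib.request.Request(
        url, data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def http_send(request):
    """Default transport: perform the request and decode the JSON body."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)

class ServiceAccountSession:
    """Caches the service-account token and renews it shortly before expiry."""
    def __init__(self, keycloak_url, realm, client_id, client_secret,
                 send=http_send, clock=time.monotonic, skew=30):
        self._args = (keycloak_url, realm, client_id, client_secret)
        self._send, self._clock, self._skew = send, clock, skew
        self._token, self._expires_at = None, 0.0

    def access_token(self):
        # Renew when no token is cached or it is within `skew` seconds of expiry.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            reply = self._send(token_request(*self._args))
            if reply.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type in token response")
            self._token = reply["access_token"]
            self._expires_at = self._clock() + int(reply["expires_in"])
        return self._token

    def api_request(self, url, method="GET", data=None):
        """Request for the protected API carrying the token as a Bearer header."""
        return urllib.request.Request(
            url, data=data, method=method,
            headers={"Authorization": f"Bearer {self.access_token()}"})
```

Pass the result of `api_request(...)` to `http_send` to call the API; the client secret travels in the token request body, so the Keycloak URL should be HTTPS outside a local docker-compose setup.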

WSO2IS With Custom Context Root

My team is trying to expose WSO2-IS through a reverse proxy. With our team setup, each new application is exposed under a single context-root, and we're hoping to do the same for wso2.
Using the oauth2/authorize endpoint as an example, we would like to expose the endpoint through our proxy as
https://<domain name>/wso2-is/oauth2/authorize rather than the default
https://<domain name>/oauth2/authorize
It turns out we would need this same configuration for a number of webapps under wso2is, including:
oauth2
oidc
commonauth
logincontext
authorizationendpoint
I've found information online for how to do this with the admin console, but I haven't found any info on how to do it for these public endpoints.
Has anyone been able to accomplish this, or does someone know whether or not WSO2 was built to support this use case?
You can follow the official documentation on Adding a Custom Proxy Path.

Securing Rest API in WSO2 ESB

Can we implement a secured API in WSO2 ESB, and can we provide an existing user's credentials (as a header), who is in ESB's user store, to access it?
This scenario can be done in ESB Proxy: Guide by providing a policy file. Can't we do the same in API too? If not, what is the reason behind that?
If you are going to secure the APIs using OAuth2 you can use the OAuth mediator, but if you are looking to use basic auth you need to write a class mediator. (Here is an old article; you can get a brief idea of implementing a basic auth class mediator even though the details are outdated.)

WSO2 API Manager Authentication

I have an application that uses Basic Authentication to authenticate and authorize service calls. I am setting up our WSO2 API Manager on a separate server but am unsure how to pass the base64 encryption from the API Manager through to my application to authorize certain service calls.
This information is not readily available in the documentation so I am not sure it is even supported.
Has anyone used this or knows how to achieve this?
If you want to provide your own authentication mechanism you can do this very easily by implementing the org.wso2.carbon.apimgt.gateway.handlers.security.Authenticator and setting it in the authentication handlers chain.
You can refer to the org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator for reference.
You can provide the credentials when you create an API at the publisher. You can check the WSO2 documentation about adding an API. At the publisher, for "Endpoint Type" you have to select Secured and then provide the username/password.
Authentication occurs in API Manager via the APIAuthenticationHandler, which is among the handlers defined in your API sequence definition (/repository/deployment/server/synapse-configs/default/api). To disable authentication for that particular API (since API Manager handles basic authentication itself), just remove or comment out the handler. Users should then provide the basic authentication required by the back-end service rather than the API Manager token, since they will no longer need it.