WSO2 Microgateway oauth2 optional when custom header is present - wso2

I have a scenario to implement where there are two authentication options: one is OAuth2 and the other is a custom header "x-api-key". I want to pass the request to the backend without authorization if only the x-api-key is present. Can this be achieved using a custom filter?

Currently, we don't have any option for this. But you can try writing a custom filter that includes the code below and placing it before the Auth filter.
// Header whose presence marks the request as API-key authenticated.
string X_API_HEADER_NAME = "x-api-key";
// Filter-context attribute read by the filters that run after this one.
string SKIP_ALL_FILTERS = "skip_filters";
if (request.hasHeader(X_API_HEADER_NAME)) {
    context.attributes[SKIP_ALL_FILTERS] = true;
}
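The snippet above skips the remaining filters whenever the header merely exists, so any caller who knows the header name bypasses OAuth2. The following is an added illustration (not WSO2 code, and not Ballerina) of the decision logic a filter should apply instead: it sets skip_filters only after the presented key matches an entry in a constructed hashed key store, and records the key owner for the backend's audit trail.

```python
import hashlib
import hmac

# Constructed key store mapping SHA-256(api key) -> owning application, so a
# leaked store does not hand out usable keys. Real keys would live in a vault.
KNOWN_KEY_HASHES = {
    hashlib.sha256(b"constructed-key-for-app-a").hexdigest(): "app-a",
}

X_API_HEADER_NAME = "x-api-key"
SKIP_ALL_FILTERS = "skip_filters"


def decide_skip_auth(headers: dict, known: dict = KNOWN_KEY_HASHES) -> dict:
    """Returns the filter-context attributes the OAuth2 filter would read.

    skip_filters becomes True only when the presented key matches a known
    hash; the mere presence of the header is not enough to bypass OAuth2.
    """
    attrs = {SKIP_ALL_FILTERS: False}
    # Header names are matched case-insensitively, as HTTP requires.
    value = next((v for k, v in headers.items() if k.lower() == X_API_HEADER_NAME), None)
    if value is None:
        return attrs
    presented = hashlib.sha256(value.encode()).hexdigest()
    for stored, app in known.items():
        # Constant-time comparison so the lookup does not leak matching prefixes.
        if hmac.compare_digest(presented, stored):
            attrs[SKIP_ALL_FILTERS] = True
            attrs["api_key_owner"] = app  # forwarded so the backend can log who called
            break
    return attrs
```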

Related

Authorization Oauth2.0 Add Additional Body Parameter

I’m trying to migrate an authorization request into the authorization at the Postman collection level. The request body has an additional parameter for account_id that needs to be passed.
I’m unable to find a way to pass this additional parameter when using Oauth 2.0 client credentials flow. Is there a way to include this?
You're trying to add a new header. I don't think this is supported on the collection level, but a workaround is to use a pre-request script on the collection level:
const Header = require('postman-collection').Header
pm.request.headers.add(new Header(`account_id:${pm.environment.get('et_mid')}`))

Get JWT token from Appsync Resolver Mapping Template

I am using OIDC as authentication in AWS AppSync. For some purpose I need the base64-encoded version of the JWT token in the resolver mapping template. Can anyone suggest any solution? Thanks in advance
You could use Custom Headers for this.
With custom headers you can pass in additional information into your request and access in your mapping templates.
Your mapping template could contain a line like:
#set($encodedToken = $utils.toJson($context.request.headers.encodedToken))
Doing this would allow you to format the data as needed on the client before making the request.
I found a way here:
#set($token = $context.request.headers.get("authorization"))

Decode JWT and put "sub" into a request header

I’m using the Istio OPA adapter to manage AuthN and AuthZ. Some of my backend services need to know who is making a given request; for example, to populate a created_by column when a given user creates something.
I’m trying to figure out an elegant way of decoding the JWT and putting the “sub” field into a “user” header before the request gets sent to the actual backend service. This way, a given service would simply need to look at the “user” header rather than dealing with parsing the JWT.
Any ideas or recommendations on how this could be accomplished are appreciated.
You should be able to add headers with Lua code in an EnvoyFilter or with a Mixer filter starting in Istio 1.1.
Take a look at this issue which describes some experimenting with adding headers extracted from JWT fields to affect routing:
https://github.com/istio/istio/issues/8444.
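As an added illustration of what the header-injection step has to get right (this is not Istio or Envoy code, and not from the linked issue), the function below verifies an HS256-signed JWT with a constructed demo secret, then copies its "sub" claim into a "user" header. It drops any client-supplied "user" header first, pins the algorithm, checks the signature before trusting any claim, and rejects expired tokens; header names are assumed lowercase, as Envoy presents them.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret; a real deployment would use the OIDC issuer's key material.
DEMO_SECRET = b"constructed-demo-secret"

def _b64url_decode(part: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_demo_jwt(claims: dict, secret: bytes = DEMO_SECRET) -> str:
    """Builds an HS256-signed token so the example has realistic input."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def inject_user_header(headers: dict, secret: bytes = DEMO_SECRET) -> dict:
    """Returns a copy of headers with 'user' set to the verified JWT 'sub'.

    Any client-supplied 'user' header is dropped first, so the backend only
    sees a value derived from a token whose signature actually checked out.
    """
    out = {k: v for k, v in headers.items() if k.lower() != "user"}
    auth = headers.get("authorization", "")
    if not auth.lower().startswith("bearer "):
        return out
    try:
        h, p, s = auth[7:].strip().split(".")
        # Pin the algorithm: the token must not get to pick 'none' or another scheme.
        if json.loads(_b64url_decode(h)).get("alg") != "HS256":
            return out
        expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return out
        claims = json.loads(_b64url_decode(p))
        if not isinstance(claims, dict) or claims.get("exp", float("inf")) < time.time():
            return out
    except (AttributeError, TypeError, ValueError):  # malformed segments, base64 or JSON
        return out
    if isinstance(claims.get("sub"), str):
        out["user"] = claims["sub"]
    return out
```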

When using Amazon API Gateway, how do I get the API key used in the request from a Django backend?

Pretty self explanatory title. I'm using API Gateway in AWS, requiring an API key to access a backend written in Django (not using lambda). I need to know how to access the API key used in the request to keep track of who did what at the app level.
You can use mapping templates and get the API Key from the $context variable, it’s the apiKey property inside the identity object: http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html#context-variable-reference
Create a mapping template for your requests and include the property in it. For example, if you wanted to include the entire request body + the API Key you would do this:
{
"body": $input.json('$'),
"apiKey": "$context.identity.apiKey"
}
Depending on how your backend application is built, you could send the API key to your application in an HTTP parameter (path, query string, or header) or in the request body. Please have a read through the docs on how to move data between the two systems.
Thanks,
Ryan
Here is how I finally made it work. At the top or bottom of the template, include this line.
#set($context.requestOverride.header.x-api-key = $context.identity.apiKey)
When your backend receives this request, the api key will be in the header x-api-key.
Here is a basic mapping template that just forwards the (json) body and the header.
$input.json("$")
#set($context.requestOverride.header.x-api-key = $context.identity.apiKey)
API Gateway uses the X-API-Key header, so I like for my backend to also use that. That way I can use the same testing commands with only the URL being different.

WSO2 API Manager Custom Routing

Is there a way to dynamically set the endpoints in WSO2 API Manager to something other than the configured production and sandbox URLs? In my case, I want to route based on an incoming header value, resulting in something like:
https://my_dynamically_determined_subdomain.my_static_domain.com
I tried doing this with a custom handler class that writes my desired URL to the "To" header, but that doesn't seem to affect the routing.
Is there another way to accomplish this?
Your approach seems to be good. You can set the "To" header dynamically. But you have to use a Default Endpoint instead of an HTTP Endpoint. A Default Endpoint will send the message to the URL found in the "To" header. Please modify the inSequence of the API configuration (found in $AM_HOME/repository/deployment/server/synapse-configs/default/api/your-api.xml) to replace the HTTP endpoint with a Default endpoint, as shown below.
If you want to do this for all of your APIs, then you can edit velocity_templates.xml so that all the APIs will be published with default endpoints automatically. Please refer to this doc for more details on this. It is worth having a look at this blog post, which discusses a pattern similar to what you are trying to do.