I am using the wso2am-2.6.0 version and I would like to pass an existing bearer token which is different from the WSO2 OAuth token that WSO2 provides.
I followed the instructions given in this link:
Configure the header per API
Configuring the header for the entire organization
None of them solved my problem.
After following the steps mentioned in the link above and providing the existing bearer token, the response I get is:
    {
      "fault": {
        "code": 900901,
        "message": "Invalid Credentials",
        "description": "Access failure for API: /embargoQA/v1, version: v1 status: (900901) - Invalid Credentials. Make sure you have given the correct access token"
      }
    }
Any help would be appreciated.
It seems the API was not updated with the new header for some reason. If it had been updated properly, you should see it like this under the CORS handler:
    <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler">
        <property name="apiImplementationType" value="ENDPOINT"/>
        <property name="AuthorizationHeader" value="Token"/>
    </handler>
This issue is solved by making a couple of changes.
The first is in api-manager.xml: un-comment the RemoveOAuthHeadersFromOutMessage tag under OAuthConfigurations and set it to "false", as shown below:
    <OAuthConfigurations>
        <!-- Remove OAuth headers from outgoing message. -->
        <RemoveOAuthHeadersFromOutMessage>false</RemoveOAuthHeadersFromOutMessage>
        ..........
    </OAuthConfigurations>
The second is on the Manage tab while publishing the API: under the Resources section for the respective endpoint, you have to select the "None" option instead of "Application/Application User".
With this solution we need not add the Authorization header as "Token" on the Manage tab while publishing the API. After making these changes, when trying it out in the API Store you can provide your bearer token in the field meant for it, fill in the required inputs, click Execute, and it should work.
Please don't give me this link: https://developer.here.com/documentation/authentication/dev_guide/topics/using-postman.html. The guide at this link is not working with Postman.
[Screenshot: my Postman version]
My valid Credentials.properties:
here.access.key.id = V0qAiqfSzIFVv5dPjZ3XmQ
here.access.key.secret=XualuioK9BU9gxw5xjN3oViSRb6HPgTiWsWG5bBWL5G7kr5nsJpoWpCsli5ISQnQ8JlrX2mScSOdDqJAnKvIGA
here.token.endpoint.url = https://account.api.here.com/oauth2/token
[Screenshots: my Authorization tab (same as in the guide), Headers, Body, the response from the server, and the Console's detailed log of the request]
On the Authorization tab I see you have checked "Add empty parameters to signature" and unchecked "Encode the parameters in the Authorization header".
[Screenshot: your Auth tab]
Only "Encode the parameters in the Authorization header" should be checked.
Let me know if that fixes it. I also verified this still works with the latest version of Postman, v7.34.0.
Disclosure: I'm a product manager at HERE Technologies
I couldn't find a way to set "Auth Type" when I tried to create an API in the API Publisher.
Then I have to add authentication to the request header, but for some reason I don't want to set the auth header for my request.
I found something in the APIM documentation that said I should set "Auth Type" to "None", but I could not see this selection on the API-creation page (APIM 2.0).
Any help would be appreciated. Thanks!
In the Manage tab, resources are listed like this [screenshot].
Here, Application & Application User is the default auth type. Click on it and select None.
We are trying to use the API Manager (1.10) to call an existing API (POST) that already uses an Authorization header token. I tried several things, including using mediation according to an article entitled "Pass a Custom Authorization Token to the Backend", and that didn't seem to work.
I finally tried setting the "Auth Type" to "None", which according to the documentation should just pass the API call directly to the backend (including the Authorization header). This didn't work either. The call gets to the backend service but seems to lose the Authorization header, so it throws a 400 error (the same error I get when I leave out the header and call the backend API directly using SoapUI).
Any help would be appreciated!
If you followed the instructions here, it should work.
I have implemented this for several projects and I can attest it did work.
You may turn on wire logs by configuring log4j.properties, inspect the wire log and see what happens.
If you want to have authorization (oauth token validation) at the API gateway as well as want to pass the custom authorization header to back end, you will need to follow the setup described in the documentation[1].
If you want to disable authorization at the API gateway level by setting the authorization type[2] to "none" and want to pass the Authorization header (custom) from client to the back end through the API gateway, you need to do the following steps.
By default, the API gateway will drop the "Authorization" header without sending it to the backend[3]. To send the Authorization header to the backend through the API gateway, uncomment the following property and set its value to "false" in <wso2am-home>/repository/conf/api-manager.xml:
    <RemoveOAuthHeadersFromOutMessage>false</RemoveOAuthHeadersFromOutMessage>
[1] https://docs.wso2.com/display/AM1100/Pass+a+Custom+Authorization+Token+to+the+Backend
[2] https://docs.wso2.com/display/AM1100/Key+Concepts#KeyConcepts-HTTPmethods
[3] https://docs.wso2.com/display/AM1100/FAQ#FAQ-HowcanIremovetheauthenticationheadersfromthemessagegoingoutoftheAPIGatewaytothebackend
I want to implement a custom code for token generation or you can think of removing OAuth2 from the WSO2 implementation and incorporating my specific APIs for token management. Is this possible? If yes, then please guide me how to achieve the same.
If you need to customize it fully, it means that you need to completely remove OAuth2, and then there is no worth in it. But if you just need to customize some behaviors of OAuth2, it can be done easily. There are several extension points for it. One main extension point is the customization of OAuth2 grant types. You can find details here and some samples for it. It may help to do some major customization of the OAuth2 flow. Hope it helps you.
When you send an API request to the backend, you pass a token in the Authorization header of the request. The API Gateway uses this token to authorize access, and then drops it from the outgoing message. If you wish to use a different (or custom-generated) authorization token than the application's generated access token, you can implement it as a token exchange mechanism in the mediation logic of the API. In this tutorial, we explain how to pass a custom authorization token that is different from the authorization token generated for the application.
Add the following sequence content into a file and save it as an XML file.
Log in to the API Publisher and create a new REST API.
Navigate to the Runtime Configurations tab and enable Message Mediation in the Request flow. Engage the In sequence that you created earlier and click Save.
If the API is not in the PUBLISHED state, go to the Lifecycle tab and click REDEPLOY to re-publish the API.
Go to the Developer Portal, subscribe and obtain a token to invoke the published API.
Install any REST client on your machine. We use cURL here.
Go to the command line, and invoke the API using the following cURL command.
In this command, you pass the token that the backend expects, i.e., 1234, in the Custom header with the authorization token that the system generates in the Authorization header.
    curl -H "Authorization: Bearer " -H "Custom: Bearer 1234"
NOTE
is the token that you got in step 20.
appears on the API's Overview page in the API Developer Portal. Copy the HTTP endpoint. If you select the HTTPs endpoint, be sure to run the cURL command with the -k option.
Note the response that you get in the command line. According to the sample backend used in this tutorial, you get the response as "Request Received."
FOR MORE EXPLANATION, PLEASE VISIT THIS LINK
[LINK] : https://medium.com/#PrakhashS/passing-access-token-to-oauth2-protected-backends-wso2-api-manager-7d0671a0afca
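The tutorial above refers to a mediation sequence without showing it. The following is an added example, not the sequence from the original page or the linked article: a Synapse in-sequence for WSO2 API Manager that moves the client's "Custom" header value into the Authorization header before the request leaves the gateway, so the backend receives "Authorization: Bearer 1234" as in the cURL call above. The sequence name is assumed; the header name "Custom" is the one the tutorial uses.

```xml
<!-- Added example (not the page's own sequence): token exchange in the API's
     request (in) flow. Assumes the client sends the backend token in a "Custom"
     transport header, as the tutorial's cURL command does. -->
<sequence xmlns="http://ws.apache.org/ns/synapse" name="custom-token-exchange-in-sequence">

    <!-- Copy the client's Custom transport header into a message-context property -->
    <property name="Custom" expression="get-property('transport', 'Custom')"/>

    <!-- Only rewrite the Authorization header when the client actually sent Custom;
         otherwise the backend would receive an empty Authorization value. -->
    <filter xpath="boolean(get-property('Custom'))">
        <then>
            <!-- Overwrite the gateway-validated Authorization header with the
                 backend token, so the WSO2 access token never reaches the backend -->
            <property name="Authorization" expression="get-property('Custom')" scope="transport"/>
            <!-- Drop the extra header so the backend does not see the exchange -->
            <property name="Custom" scope="transport" action="remove"/>
        </then>
        <else>
            <!-- Leave a trace in the gateway log so a missing header is visible
                 when the backend later rejects the call -->
            <log level="custom">
                <property name="message" value="Custom header absent; no backend token forwarded"/>
            </log>
        </else>
    </filter>

</sequence>
```

Save this as the XML file referenced in the first step and engage it as the In sequence under Runtime Configurations.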
I am getting the following response while trying to access my API endpoint:
    <am:fault xmlns:am="http://wso2.org/apimanager">
        <am:code>101504</am:code>
        <am:type>Status report</am:type>
        <am:message>Runtime Error</am:message>
        <am:description>Send timeout</am:description>
    </am:fault>
Kindly suggest what went wrong.
Lucas, it is exactly what it says - looks like the backend service is only available intermittently so when it is not available - you get the timeout reported by the gateway.
Just add a header to accept text/xml:
    'content-type': 'text/xml'
I had the same issue and the solution was to increase the Endpoint Timeout from the API Manager as described here:
https://apim.docs.wso2.com/en/latest/design/endpoints/resiliency/endpoint-timeouts/
Sign in to the API Publisher Portal.
https://:9443/publisher
Example: https://localhost:9443/publisher
Use your username and password to sign in.
Click on an API in the API Publisher Portal listing page.
Click Endpoints under API Configurations.
Click on the cogwheel, which is inline with the endpoint that you need to configure, and update the endpoint related configurations as required.
Go to Advanced Endpoint Configurations.
Increase the Connection Timeout value.