In the old WSO2 API Manager store/publisher APIs, I can log in and get a cookie for authentication. But in the new APIs I can't find a login API. In the docs I can see it uses an (OAuth) token.
curl -H "Authorization: Bearer aa0ddec1ac656744234477f20fafcb0d" http://127.0.0.1:9763/api/am/store/v0.9/apis
But I don't see a way to get it. Could someone please help me?
You have to create an OAuth2 application using the DCR API. Docs can be found here. Then call the token API and get an access token.
I am using WSO2 to manage my group's APIs, so I publish my API to the WSO2 Publisher. My API has its own authentication by sending a bearer token. The Swagger document has the authorize button, but when I import my API definition in the WSO2 Publisher, the authorize button disappears.
I have these questions:
1. How should I send the original bearer token?
2. When I use a Swagger 3 definition, it shows some errors. Is Swagger 3 not supported by the import function?
Does anyone have suggestions?
My WSO2 version is WSO2 API-M v4.1.0.
WSO2 API Manager does support Swagger 2 and OpenAPI Specification (OAS) 3 and above.
With regard to bearer tokens in API Manager, you can generate a bearer token for your APIs using the DevPortal. You need to create a new Application, subscribe to your API, and then you can generate a new JWT-based bearer token.
Please check this section in detail: https://apim.docs.wso2.com/en/latest/consume/consume-api-overview/
If your backend is OAuth protected, you can use Endpoint security to add OAuth configs that generate a backend bearer token when calling the API. Take a look at this document. Also, if you want to import backend certificates into API Manager, take a look at this document.
We are moving WSO2 API from 3.1 to 4.1.
In 3.1 we get all the user profile claims in the X-JWT-Assertion header.
But in 4.1 we are not getting all claims; we see only the default claims.
Can you help us with how to get all claims?
You can follow these steps.
Create an application in the devportal.
When you generate the consumer key and secret in the devportal for this application, it creates the service provider underneath. This service provider will be available when you log in to the carbon console.
Click on the service provider and configure the claims under claim configuration. You can provide the required claims here, as shown in the screenshot.
Update the user profile as in https://is.docs.wso2.com/en/latest/guides/identity-lifecycles/update-profile/
Use the openid scope when generating the access token.
curl -k -X POST https://localhost:9443/oauth2/token \
  -d "grant_type=password&username=admin&password=admin&scope=openid" \
  -H "Authorization: Basic Base64Encoded(ck:cs)"
When the gateway generates the backend JWT, it adds the claims from the access token.
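As an added example (not part of the original answer), a small Python check that builds the Basic header used by the curl command above and lists which configured claims are missing from a backend JWT such as X-JWT-Assertion. The consumer key/secret, the sample token and the required claim URIs are constructed for illustration.

```python
import base64
import json

# Constructed sample values; not real credentials.
CONSUMER_KEY = "example-consumer-key"
CONSUMER_SECRET = "example-consumer-secret"


def basic_auth_header(consumer_key, consumer_secret):
    """Build the 'Authorization: Basic Base64Encoded(ck:cs)' value for /oauth2/token."""
    raw = f"{consumer_key}:{consumer_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_claims(jwt):
    """Return the payload claims of a compact JWT WITHOUT verifying the signature.
    Use this only to inspect what the gateway forwarded; a backend must still
    validate the signature before trusting any claim."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three dot-separated parts")
    return json.loads(_b64url_decode(parts[1]))


def missing_claims(jwt, required):
    """Claims configured on the service provider that are absent from the backend JWT."""
    claims = decode_jwt_claims(jwt)
    return [c for c in required if c not in claims]


def build_sample_jwt(payload):
    """Constructed, unsigned stand-in for an X-JWT-Assertion value (test data only)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}.signature-placeholder"


if __name__ == "__main__":
    # Constructed payload carrying only default-style claims, no profile claims.
    token = build_sample_jwt({"sub": "admin", "iss": "https://localhost:9443/oauth2/token"})
    # Example claim URIs in the WSO2 claim dialect; adjust to what you configured.
    required = ["sub", "http://wso2.org/claims/emailaddress", "http://wso2.org/claims/givenname"]
    print(basic_auth_header(CONSUMER_KEY, CONSUMER_SECRET))
    print("missing claims:", missing_claims(token, required))
```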
I am using the REST Framework SimpleJWT for token authentication.
In Postman I add the Bearer token in the Authorization tab and the API works fine.
When I try to use the API in a browser I do not have an option to pass the Bearer token. I am not sure how to pass the bearer token so the API works in the browser as well.
How can I pass the bearer token in headers?
Let me know if any more info is required; I am able to add all the code here.
You cannot add a bearer token to URL patterns. URL patterns are added just to match the URLs.
The API won't work in the browser if you have implemented authentication.
You can test your APIs via Postman (which you have already done) or implement these APIs in your frontend app.
If you want to test your API in a browser there is an easy way: you can use the ModHeader extension, which is available for Chrome and Firefox.
Reading the Google docs (https://developers.google.com/identity/protocols/OAuth2WebServer#callinganapi), it says I can revoke the token (and thus force a login with credentials) by calling credentials.revoke.
What would be the Flask-OAuthlib way to do this?
Flask-OAuthlib itself doesn't provide a way to revoke a token. (I'm the author of Flask-OAuthlib.)
My new project Authlib provides a revoke_token method for OAuth 2.0. However, Google's revoke token endpoint doesn't respect RFC 7009, which means the revoke_token method provided by Authlib cannot be used.
You can send an HTTP request directly to the revoke token endpoint:
curl -H "Content-type:application/x-www-form-urlencoded" \
https://accounts.google.com/o/oauth2/revoke?token={token}
BTW, if you need an RFC 7009 revoke token method, check out the source code in https://github.com/lepture/authlib/blob/master/authlib/client/oauth2.py
I am trying to develop a custom Workplace widget for SharePoint. But in the documentation I can't find how to authenticate users! Only with an app access_token or impersonate_token, which is not secure...
Is there an endpoint for generating a bearer access_token via SSO? Or a SAML assertion?
No, you can communicate with Workplace via the API only using an access_token.