Tuesday, July 21, 2015

How to pass an Authorization token to the back-end server in WSO2 API Cloud

There can be scenarios where the back-end service expects an Authorization token that is different from the Authorization token used in API Cloud. However, when a request is sent to WSO2 API Cloud with the Authorization header, the API Gateway uses it for API authentication/authorization and drops it from the outgoing message to the back-end service.

This requirement can be achieved with the use of two headers: an Authorization header containing the API Cloud token, and a second header carrying the token expected by the back-end. Using a custom mediation extension, the value of this second header can be extracted and set as the Authorization header, which is then sent to the back-end. For example, the two headers Authorization (API Cloud token) and Authentication (the token expected by the back-end) can be used.

For this scenario, a per-API extension can be used. There is a naming pattern for a per-API extension sequence, which is explained here. In API Cloud it should be similar to the following (assuming the user email is user@email.com):

user.email.com-AT-yourOrganizationKey--YourAPIName:v1.0.0--In

You can find the Organization Key from Organization Manage page in WSO2 Cloud.

Following is a sample Synapse configuration of a per-API extension sequence for this scenario.

<?xml version="1.0" encoding="UTF-8"?>
<sequence xmlns="http://ws.apache.org/ns/synapse"
          name="user.email.com-AT-yourOrganizationKey--YourAPIName:v1.0.0--In">
   <property xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"
             xmlns:ns3="http://org.apache.synapse/xsd"
             name="Authentication"
             expression="get-property('transport', 'Authentication')"/>
   <property xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"
             xmlns:ns3="http://org.apache.synapse/xsd"
             name="Authorization"
             expression="get-property('Authentication')"
             scope="transport"
             type="STRING"/>
   <property name="Authentication" scope="transport" action="remove"/>
</sequence>

An XML file should be created using the above configuration and uploaded to the Governance registry of API Cloud using the management console UI of the Gateway (https://gateway.api.cloud.wso2.com/carbon).

You can get the user name from the top right corner of the Publisher, then enter your password and log in. Once you are logged in, select Resources (left hand side of the Management console), click Browse, and navigate to the /_system/governance/apimgt/customsequences registry location. Since this sequence needs to be invoked in the In direction (the request path), navigate to the in collection. Click Add Resource, upload the XML file of the sequence configuration and add it. (Note: once you add the sequence it might take up to 15 minutes until it is deployed to the Publisher.)

Now go to the Publisher, select the required API, open the edit wizard by clicking Edit and navigate to the Manage section. Tick the Sequences check box and select the sequence we added from the In Flow. After that, Save and Publish the API.

Now invoke the API passing the above two headers, and the back-end will receive the required Authorization header. A sample curl request would be as follows:

curl -H "Authorization: Bearer a414d15ebfe45a4542580244e53615b" -H "Authentication: Bearer custom-bearer-token-value" http://gateway.api.cloud.wso2.com:8280/t/clouddemo/authsample/1.0

What happens is as follows:

Client (headers: Authorization, Authentication) ->
           Gateway (drop: Authorization; convert: Authentication -> Authorization) -> Backend
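To make the flow above concrete, here is an added plain-Python model of what the Gateway does with the two headers (this is illustration code written for this post, not WSO2 or Synapse code). It mirrors the In sequence: the API Cloud token is consumed for API authentication and dropped, the Authentication value is copied into the Authorization header, and the Authentication header is removed before forwarding. The accepted-token set, the 400 response for a request that omits the Authentication header (so an empty Authorization is never forwarded), and the case-insensitive header handling are assumptions of this model, not behaviour the sequence above implements.

```python
"""Model of the request flow: client -> gateway (auth + In sequence) -> back-end.

Added example, not WSO2 or Synapse code. The token set below is constructed
for the example (it reuses the sample token value from the curl request).
"""
from typing import Dict, Optional, Tuple

# Constructed: tokens the model gateway accepts as valid API Cloud access tokens.
VALID_API_CLOUD_TOKENS = {"a414d15ebfe45a4542580244e53615b"}


def _get_header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive lookup, since HTTP header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def _remove_header(headers: Dict[str, str], name: str) -> Dict[str, str]:
    """Return a copy of the headers without the named header (any case)."""
    return {k: v for k, v in headers.items() if k.lower() != name.lower()}


def gateway_authenticate(headers: Dict[str, str]) -> bool:
    """Step 1: the gateway consumes the Authorization header for API auth.

    True when the bearer token is one the model gateway knows.
    """
    auth = _get_header(headers, "Authorization")
    if auth is None or not auth.startswith("Bearer "):
        return False
    return auth[len("Bearer "):] in VALID_API_CLOUD_TOKENS


def apply_in_sequence(headers: Dict[str, str]) -> Dict[str, str]:
    """Step 2: equivalent of the per-API In sequence from the post.

    - read the transport header 'Authentication'
    - the gateway's own token in 'Authorization' is dropped
    - set 'Authorization' to the Authentication value
    - remove 'Authentication' so the back-end never sees it
    """
    custom_token = _get_header(headers, "Authentication")
    outgoing = _remove_header(headers, "Authorization")
    outgoing = _remove_header(outgoing, "Authentication")
    if custom_token is not None:
        outgoing["Authorization"] = custom_token
    return outgoing


def gateway_forward(client_headers: Dict[str, str]) -> Tuple[int, Optional[Dict[str, str]]]:
    """Whole flow. Returns (status, headers the back-end receives).

    401: API Cloud token missing or unknown (gateway auth fails).
    400: no Authentication header, so there is no back-end token to forward
         (an assumption of this model; the sequence above does not check this).
    200: headers as the back-end would see them.
    """
    if not gateway_authenticate(client_headers):
        return 401, None
    if _get_header(client_headers, "Authentication") is None:
        return 400, None
    return 200, apply_in_sequence(client_headers)


if __name__ == "__main__":
    # Constructed request matching the sample curl command.
    request = {
        "Authorization": "Bearer a414d15ebfe45a4542580244e53615b",
        "Authentication": "Bearer custom-bearer-token-value",
        "Accept": "application/json",
    }
    status, backend_headers = gateway_forward(request)
    print(status, backend_headers)
```

The useful check here is the third case in gateway_forward: the sequence on the page blindly copies whatever is in Authentication, so a client that forgets that header ends up with the gateway's token stripped and nothing in its place, which the back-end will reject; the model turns that into an explicit 400 at the gateway instead.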


References:
[1] http://sanjeewamalalgoda.blogspot.com/2014/11/how-to-use-custom-authentication-header.html
