How to pass authorization header in WSO2 OAuth2 and its backend API server Oauth2?

拜拜、爱过 submitted on 2019-12-24 15:29:31

Question


Both the WSO2 API Manager and its backend API server (on Azure) use OAuth2.

They both use the same header, as follows:

WSO2 API manager

Authorization: Bearer 72135e9f1dc96201949351261284dc7

API server

Authorization: Bearer MfGb9pnTEGVWmDyjlfSZjlxhc8pFtef

I use a REST client to do the test. I find that I can pass the WSO2 API Manager OAuth2, but cannot pass the API Server OAuth2.

The message returned by the API Server is: "Authorization has been denied for this request."

How can I solve this issue by reconfiguring WSO2 API Manager?

Thanks a lot.


Answer 1:


What happens when a request comes to the WSO2 API Manager with an authorization header is that it will read the token, validate it against the key manager, and drop that token before calling the backend API server. If you want to add another authorization header for the backend API server, you can define a mediation extension [1] in sequence in the API and add the authorization token through a header mediator.

<header name="Authorization" value="Bearer MfGb9pnTEGVWmDyjlfSZjlxhc8pFtef" scope="transport"/>

[1] https://docs.wso2.com/display/AM190/Adding+Mediation+Extensions




Answer 2:


You might want to try routing your WSO2 API through an API on the ESB and adding the new OAuth2 header (for the Azure API) inside a new message (for instance, inside a Header mediator), then sending it through to your back-end API.

You cannot re-use the same OAuth token.




Answer 3:


This is exactly what you want:

https://docs.wso2.com/display/AM190/Pass+a+Custom+Authorization+Token+to+the+Backend

You make your second authorization header "Custom". Then, after WSO2 has processed your request, it is changed back to the "Authorization" header via the mediation mentioned above.

I have implemented this in several projects and it worked perfectly.

Hope this helps.
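
The header swap this answer describes, written out as an added example (not code from the original post): a Synapse in-sequence, assuming the client sends the backend token in a header named Custom as the answer suggests. The sequence name BackendTokenSwap is hypothetical.

```xml
<!-- Added example. Assumptions: sequence name "BackendTokenSwap", carrier header "Custom". -->
<sequence xmlns="http://ws.apache.org/ns/synapse" name="BackendTokenSwap">
    <!-- The gateway has already validated and dropped its own Authorization header.
         Only act when the client actually supplied a backend token. -->
    <filter source="get-property('transport', 'Custom')" regex=".+">
        <then>
            <!-- Copy the backend token into the outgoing Authorization transport header -->
            <property name="Authorization"
                      expression="get-property('transport', 'Custom')"
                      scope="transport"/>
        </then>
    </filter>
    <!-- Do not forward the carrier header itself to the backend -->
    <property name="Custom" scope="transport" action="remove"/>
</sequence>
```

With this attached as the API's in-flow mediation extension, the client sends the gateway token in Authorization and the backend token in Custom on the same request.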



Source: https://stackoverflow.com/questions/31451794/how-to-pass-authorization-header-in-wso2-oauth2-and-its-backend-api-server-oauth
