edgemicro authorization validation via queryparam

We are trying to validate authorization via a query string OR the header for edgemicro.

I have changed the OoB oauth plugin as below:

if ((apiKey = reqUrl.query['cid']) || (apiKey = req.headers[apiKeyHeaderName])) {
 exchangeApiKeyForToken(req, res, next, config, logger, stats, middleware, apiKey);

By changing like above, i could get success for 1 API tried till now but majority shows 403 Forbidden.

Could anyone please help me understand on what could cause this.

current nodejs version is v7.6.0

current edgemicro version is 2.3.5


0 1 134

Former Community Member
Not applicable

I do not recommend changing the OOTB plugin with custom logic. If you are writing custom logic, create a fork/new plugin.

A second simpler method is to write a custom plugin (and add it before the OAuth plugin) that looks for a query param, removes it and adds it to the header. The OAuth plugin will anyway look for it in the header.