EMG - JWT token validated against both API Proxies and Resource URI in OAUTH

Not applicable

The inbuilt plugin for EMG OAuth validates both the APIProxies and Resource URIs in the Product against the JWT token payload product details. Why both needs to be validated (Proxy and Resource URIs)?

If I want to do only resource URI verification, not the API Proxy , is there any way I can do that?

const checkIfAuthorized = module.exports.checkIfAuthorized = function checkIfAuthorized(config, urlPath, proxy, decodedToken)

{ if (!decodedToken.api_product_list) { return false; } return decodedToken.api_product_list.some(function (product) { const validProxyNames = config.product_to_proxy[product]; if (!validProxyNames) { return false; } const apiproxies = config.product_to_api_resource[product]; var matchesProxyRules = false; if(apiproxies && apiproxies.length){

1 4 578
4 REPLIES 4

Former Community Member
Not applicable

This behaviour is not consistent with Edge.

@kevinswiber - this looks like a defect.

Was that bug fixed in recent EMG versions?

Former Community Member
Not applicable

No @Francois-Xavier KOWALSKI, this has not been fixed yet.

Not applicable

Internal ticket has been labeled cs critical for this bug. Awaiting update from engineering