Both apikey and oauth in Edge micro

Not applicable

Can we configure both apikey and oauth simultaneously in edge micro. It should authenticate based on the request.

Thanks,

Jaskaran

1 10 491
10 REPLIES 10

Former Community Member
Not applicable

All plugins will execute on all requests. Conditional execution is currently not possible in EM.

I have not tried apikey verify and oauth both enabled. But I don't see any reason for it to not work.

As per docs configuration for both would be same but whenever I try with x-api-key in header edge micro gives 403.

Former Community Member
Not applicable

I have this working. Does your API product include edgemicro-auth?

You were right @Srinandan Sridhar I missed the edgemicro-auth api in the product, but after adding that I can see that edgemicro-auth api is giving 200 but edgemico gateway is giving 401.

We are getting the error { "error": "invalid_token" }

Former Community Member
Not applicable

Then I suspect the validity of the api key.

anshul_
Participant IV

@Srinandan Sridhar It seems to be an issue with the edegemicro-auth as I can see that post API-key validation it creates a signed JWT token and send it back to the edge-micro to validate that.

We have configured jwt_public_key with the URL of our public key(not the one provided by Apigee) to sign and validate a JWT token, but the edegemicro-auth is signing the token retrieved from the Apigee vault. As the token is being signed with the Apigee generated private key but it being validated against our key, the authentication is failing.

@Srinandan Sridhar . I can confirm the issue as when I point the jwt_public_key to jwt_public_key: 'https://<org>-<dev>.apigee.net/edgemicro-auth/publicKey' it works.

@Srinandan Sridhar could you identify the issue ?

Former Community Member
Not applicable

Hey @aagrawal, I think we should start a new thread. You're trying to load custom certs and want to validate against them. Let's start a new thread please.