Remove Selective Authorization header

I am trying to create a Proxy which will receive 2 Authorization Headers, one with Bearer token and another with Basic. The Proxy should validate the Bearer and remove it and pass the Basic one to the backend service. I am not able to selectively remove one Auth header using the below as per the documentation:

<Remove>
    <Headers>
        <Header name="Authorization.2"/>
    </Headers>
</Remove>

Also when 2 headers are being sent Apigee is not able to selectively validate the Bearer. Is there a way to check the value and then remove that particular header only?


I don't know if there is any specification that disapproves having multiple-auth headers, but it's good to have custom headers to handle situations like this.

To test this, I created a proxy and added an extract-variable-policy on the request pipeline. It looks like this -

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ExtractVariables async="false" continueOnError="false" enabled="true" name="Extract-Variables-1">
    <DisplayName>Extract Variables-1</DisplayName>
    <Properties/>
    <Header name="Authorization">
        <Pattern ignoreCase="false">Bearer {oauthtoken}</Pattern>
    </Header>
    <Header name="X-Authorization">
        <Pattern ignoreCase="false">Basic {basicauth}</Pattern>
    </Header>
    <Source clearPayload="false">request</Source>
</ExtractVariables>

When I send the following request, I see that both oauthtoken and basicauth variables will be populated -

curl -v "http://edgeorg-test.apigee.net/api1" -H "Authorization: Bearer 123" -H "X-Authorization: Basic dG9iYWNrZW5k"

Once you have the values extracted, you can remove the header with an Assign-Message-policy similar to this -

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="Assign-Message-1">
    <DisplayName>Assign Message-1</DisplayName>
    <Properties/>
    <Remove>
        <Headers>
            <Header name="X-Authorization"/>
        </Headers>
    </Remove>
    <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>

Hope this helps!

The problem is that this is a migration project from another API Management tool, so I cannot change the existing. I was trying an alternate solution, whereby I am extracting the headers and then removing and setting them again. I noticed a strange thing. If the header name is Authorizations or anything else, the below code works.

<Header name="Authorizations">
    <Pattern ignoreCase="true">Bearer {oauthtoken}</Pattern>
</Header>
<Header name="Authorizations">
    <Pattern ignoreCase="true">Basic {basictoken}</Pattern>
</Header>

However if you just change the name to Authorization it doesn't work anymore. It seems there is some definition associated with the header name which extracts to a string and not to an array as in the documentation. Doesn't this sound like a bug to you?

Ok. I understand. Authorization is a standard HTTP header, but not Authorizations. Hence extracting headers works with that approach only when it's Authorizations. I also believe Apigee Edge does not allow you to send multiple authorization headers.

@ishitachakraborty, what does the request look like to the proxy & to the target server? Are you sending two headers with the same name & different values, or one header with a value separated by a comma or any delimiter?

@Anil Sagar The request being sent to the Proxy has 2 Authorization headers as below:-

Content-Type:application/json
Authorization:Bearer TncQuodX0zk8Is8ds1D6UVVK7
Authorization:Basic c3RhZ2U6c3RhZ2UjMWNvcH
Accept:application/json

So yes, 2 headers with the same name and different values. However, I think that the Proxy is interpreting it as 1 header with 2 values, because the array and pattern functionality work great if I even rename the header to anything else.

@ishitachakraborty, when I try to send two headers with Authorization as the key, Apigee Edge cloud generates a router / DNS kind of error. Do you see the same? Are you working on OnPremises?

@Anil Sagar Yes, I am working on premise, and there is no router/DNS error. In fact, I have created a workaround also using JS to split the headers (since Edge is concatenating it as a string) and then adding it back one by one, which seems to work kinda fine for now.
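
One way to implement the split described in the last reply, as an added example that is not the poster's script: it accepts exactly one Bearer and one Basic credential and rejects anything else instead of guessing which value to forward. The Apigee wiring at the end, the variable names `auth.bearer` and `auth.split.error`, and the assumption that `request.header.Authorization` holds the comma-joined value are illustrative.

```javascript
// Added example, not the poster's script.
// Split a combined Authorization value into exactly one Bearer and one Basic credential.
// Both schemes carry token68 text, which contains no comma, so splitting on ','
// is safe for them; it would not be for schemes with parameters such as Digest.
function splitAuthorization(raw) {
  var parts = (Array.isArray(raw) ? raw : String(raw || '').split(','))
    .map(function (p) { return String(p).trim(); })
    .filter(function (p) { return p.length > 0; });

  var found = { bearer: null, basic: null };
  for (var i = 0; i < parts.length; i++) {
    var m = /^(Bearer|Basic) +([A-Za-z0-9\-._~+\/]+=*)$/i.exec(parts[i]);
    if (!m) {
      // Report the position only, never the credential itself.
      return { ok: false, reason: 'unexpected credential at position ' + i };
    }
    var scheme = m[1].toLowerCase(); // scheme names are case-insensitive
    if (found[scheme] !== null) {
      return { ok: false, reason: 'duplicate ' + scheme + ' credential' };
    }
    found[scheme] = m[2];
  }
  if (found.bearer === null || found.basic === null) {
    return { ok: false, reason: 'need one Bearer and one Basic credential' };
  }
  return { ok: true, bearer: found.bearer, basic: found.basic };
}

// Hypothetical wiring for an Apigee JavaScript policy; skipped when run elsewhere.
// Assumes request.header.Authorization holds the joined value, as the thread describes.
// 'auth.bearer' and 'auth.split.error' are made-up flow variable names.
if (typeof context !== 'undefined') {
  var result = splitAuthorization(context.getVariable('request.header.Authorization'));
  if (result.ok) {
    context.setVariable('auth.bearer', result.bearer); // input for the token check
    context.setVariable('request.header.Authorization', 'Basic ' + result.basic);
  } else {
    context.setVariable('auth.split.error', result.reason); // raise a fault on this
  }
}
```

Failing closed on duplicates and unknown schemes matters here because the backend only ever sees what the proxy chooses to forward.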