Edgemicrogateway and Basic Authorization header

I am using edgemicro in front of an internal API that needs a Basic Authorization header. I also enabled the oauth plugin on the edgemicro so that it validates the x-api-key header.

The problem is that it seems as if the edgemicro is validating the Basic Authorization header that is really meant for the backend. Edgemicro is complaining that the token is invalid, and that's right, as it's a Basic Authorization header and not an oauth token at all. Edgemicro should disregard the Authorization header.

Am I doing something wrong? Or is there a way to tell edgemicro not to validate the Authorization header?

Solved
1 ACCEPTED SOLUTION

Former Community Member

There are two parts to this:

1) In the OAuth plugin, set allowAPIKeyOnly = true. See here for reference (https://docs.apigee.com/api-platform/microgateway/2.5.x/operation-and-configuration-reference-edge-microgateway). This will cause the plugin to ignore the Authorization header completely.

2) Use the bauth plugin or a custom plugin. The bauth plugin (short for basic auth) doesn't actually validate the credentials; it validates the format and decodes the user and password into variables for access in a subsequent (custom) plugin. In your case, you may not need the custom plugin, but still use the bauth plugin to check for format.

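The two-part setup from the accepted answer, as an added example that is not code from this thread or from the Apigee microgateway-plugins project: a bauth-style step that only checks the Basic header's format and decodes it, followed by a custom plugin that actually verifies the decoded credentials. The init(config, logger, stats) -> { onrequest(req, res, next) } shape is the Edge Microgateway plugin API; the req.username / req.password property names, the runChain driver and the users table are assumptions made for this demo.

```javascript
// Edge Microgateway-style plugins (added example). The req.username /
// req.password names, runChain and the users table are assumptions.
// "bauth"-style step: checks the Basic header FORMAT and decodes it; nothing
// is verified here, the credentials are only exposed to the next plugin.
const basicAuthFormat = {
  init(config, logger, stats) {
    return {
      onrequest(req, res, next) {
        const parts = (req.headers['authorization'] || '').split(' ');
        if (parts.length !== 2 || parts[0] !== 'Basic') {
          return next(new Error('bauth: not a well-formed Basic header'));
        }
        const decoded = Buffer.from(parts[1], 'base64').toString('utf8');
        const sep = decoded.indexOf(':');      // split on the FIRST colon only
        if (sep < 0) return next(new Error('bauth: decoded value lacks ":"'));
        req.username = decoded.slice(0, sep);  // a password may contain ':'
        req.password = decoded.slice(sep + 1);
        next();
      },
    };
  },
};
// Subsequent custom plugin: the only place the credentials are checked.
const checkBasicCreds = {
  init(config, logger, stats) {
    return {
      onrequest(req, res, next) {
        if (config.users[req.username] !== req.password) {
          return next(new Error('custom: bad credentials'));
        }
        next();
      },
    };
  },
};
// Minimal stand-in for the gateway: run handlers in order, stop at the first
// error. Returns that error's message, or null when the whole chain passed.
function runChain(plugins, req) {
  let failure = null;
  for (const p of plugins) {
    p.onrequest(req, {}, (err) => { if (err) failure = err.message; });
    if (failure) break;
  }
  return failure;
}
const users = { alice: 's3cr:et' };            // constructed demo data
const chain = [basicAuthFormat.init({}, null, null),
               checkBasicCreds.init({ users }, null, null)];
const demo = (h) => runChain(chain, { headers: { authorization: h } });
```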

5 REPLIES


@srinandans

Made the change allowAPIKeyOnly = true. The error is now:

malformed sJWS: wrong number of '.' splitted elements

Not sure what is happening, but is EdgeMicro (despite the allowAPIKeyOnly setting) still evaluating the Basic Authorization header?

Former Community Member

I just tested this. Works for me.

Here's my config:

oauth:
  allowAPIKeyOnly: true
  allowNoAuthorization: false
  allowInvalidAuthorization: false
  productOnly: false
  cacheKey: true
  gracePeriod: 10

Here's my curl command:

curl localhost:8000/httpbin -v -H "x-api-key: xxx" -H "Authorization: Basic xxx"

The auth header was ignored.

@Kevin Bouwmeester , I think this page will also help you.


@srinandans

@Kevin Bouwmeester

@Faij Ahmad

Kevin posted this message for me, but I'm having this issue.
I changed the first 3 parameters as described (oauth: allowAPIKeyOnly: true, allowNoAuthorization: false, allowInvalidAuthorization: false) and added the last 3 parameters, as they were not defined in the YAML file (productOnly: false, cacheKey: true, gracePeriod: 10).

But I still get the same error message "malformed sJWS: wrong number of '.' splitted elements".

From the first hint I only added part 1) (allowAPIKeyOnly = true) but not part 2) (bauth plugin) as this sounds optional for me.

Can somebody confirm, that part 2) is not mandatory?

Does somebody know what's the root cause for the error message I get?


@Faij Ahmad

@srinandans

@Kevin Bouwmeester


Kevin was posting this message for me, as I'm having this problem. I checked the settings you described for the YAML file and added the last 3 parameters, as they were not defined in my configuration. The other values are set as you described.
But I still get the same error message "malformed sJWS: wrong number of '.' splitted elements".

Regarding your hint from 9 March, I only added point 1) (allowAPIKeyOnly = true) but not 2) (bauth plugin).

Is 2) also necessary or only optional?

Is there anybody who knows the meaning of the error message and what's the reason for that?