I am using edgemicro in front of an internal API that needs a Basic Authorization header. I also enabled the oauth plugin on the edgemicro so that it validates the x-api-key header.
The problem is that it seems as if the edgemicro is validating the Basic Authorization header that is really meant for the backend. Edgemicro is complaining that the token is invalid, and that's right, as it's a Basic Authorization header and not an oauth token at all. Edgemicro should disregard the Authorization header.
Am I doing something wrong? Or is there a way to tell edgemicro not to validate the Authorization header?
There are two parts to this:
1) In the OAuth plugin, set allowAPIKeyOnly = true. See here for reference (https://docs.apigee.com/api-platform/microgateway/2.5.x/operation-and-configuration-reference-edge-microgateway). This will cause the plugin to ignore the Authorization header completely.
2) Use the bauth plugin or a custom plugin. The bauth plugin (short for basic auth) doesn't actually validate the credentials, it validates the format and decodes the user and password into variables for access in a subsequent (custom) plugin. In your case, you may not need the custom plugin, but still use the bauth plugin to check for format.
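An added example, not part of the original answer and not the source of the oauth or bauth plugins: a Node.js sketch of the format check and decode described in part 2, plus a shape check showing that a Basic credential is never the three dot-separated segments a JWS parser expects. The function names and sample headers are constructed for illustration.

```javascript
// Added illustration: not the source of Edge Microgateway's oauth or bauth plugins.

// A compact JWS has three base64url segments separated by '.' (signature may be empty).
function looksLikeCompactJws(token) {
  return /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/.test(token);
}

// Basic credentials are base64("user:password"); check the format before decoding.
function parseBasicCredentials(value) {
  if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(value) || value.length % 4 !== 0) return null;
  const decoded = Buffer.from(value, 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // the user-id cannot contain ':', so split on the first one
  if (sep < 0) return null;
  return { username: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Decide what an Authorization header carries without handing it to a JWT verifier.
// The password is deliberately left out of the result so it cannot end up in logs.
function classifyAuthorization(header) {
  if (typeof header !== 'string' || header.trim() === '') return { scheme: 'none' };
  const m = /^(\S+)\s+(\S+)$/.exec(header.trim());
  if (!m) return { scheme: 'malformed' };
  const scheme = m[1].toLowerCase();
  if (scheme === 'basic') {
    const creds = parseBasicCredentials(m[2]);
    return {
      scheme,
      wellFormed: creds !== null,
      username: creds ? creds.username : null,
      jwsShaped: looksLikeCompactJws(m[2]),
    };
  }
  if (scheme === 'bearer') return { scheme, jwsShaped: looksLikeCompactJws(m[2]) };
  return { scheme: 'other' };
}

// Constructed sample headers (not taken from the thread).
const SAMPLES = [
  'Basic dXNlcjpwYXNz', // base64("user:pass")
  'Basic bm9jb2xvbg==', // base64("nocolon"): decodes, but has no ':'
  'Bearer aaa.bbb.ccc', // three segments, shaped like a compact JWS
];
for (const h of SAMPLES) console.log(h, '=>', JSON.stringify(classifyAuthorization(h)));
```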
Made the change allowAPIKeyOnly = true. The error is now:
malformed sJWS: wrong number of '.' splitted elements
Not sure what is happening, but is EdgeMicro (despite the allowAPIKeyOnly setting) still evaluating the Basic Authorization header?
I just tested this. Works for me.
Here's my config:
```yaml
oauth:
  allowAPIKeyOnly: true
  allowNoAuthorization: false
  allowInvalidAuthorization: false
  productOnly: false
  cacheKey: true
  gracePeriod: 10
```
Here's my curl command:
curl localhost:8000/httpbin -v -H "x-api-key: xxx" -H "Authorization: Basic xxx"
The auth header was ignored.
@Kevin Bouwmeester, I think this page will also help you.
@srinandans
@Kevin Bouwmeester
Kevin posted this message for me, but I'm having this issue.
I changed the first 3 parameters as described (oauth: allowAPIKeyOnly: true allowNoAuthorization: false allowInvalidAuthorization: false) and added the last 3 parameters as they were not defined in the YAML file (productOnly: false cacheKey: true gracePeriod: 10).
But I still get the same error message "malformed sJWS: wrong number of '.' splitted elements".
From the first hint I only added part 1) (allowAPIKeyOnly = true) but not part 2) (bauth plugin) as this sounds optional to me.
Can somebody confirm that part 2) is not mandatory?
Does somebody know what's the root cause for the error message I get?
@Faij Ahmad
@srinandans
@Kevin Bouwmeester
Kevin was posting this message for me, as I'm having this problem. I checked the settings you described for the YAML file and added the last 3 parameters, as they were not defined in my configuration. The other values are set as you described.
But I still get the same error message "malformed sJWS: wrong number of '.' splitted elements".
Regarding your hint from 9. March I only added point 1) (allowAPIKeyOnly = true) but not 2) (bauth plugin).
Is 2) also necessary or only optional?
Is there anybody who knows the meaning of the error message and what's the reason for that?