How to manage session/state for a caller in edge microgateway

Hi,

We are running on 5.12 microgateway and have a use case as below:

A requester sends a request to MGW, it calls an Auth server and fetches the OAuth token, which we are caching. Using the token, we send the request to the Target API.

The cache will live until the token's expiry in microgateway, and the requests look up the cache every time before proceeding to the Target API.

In case the token is revoked while it's still living in the microgateway cache, the request to the target server would fail with a 401 HTTP code.

We are trying to handle this 401 thrown from target server.

When it throws a 401, we want to fetch the token from Auth server again (this is achieved) and then send the request to target API again.

How do we maintain the initial request details when we are sending the request again after we receive a 401 at first?

FYI: We are trying to handle this error in 'ondata_response' event

Thanks


Hi @Srinandan Sridhar, if you can help on this.

Thanks in advance.

Former Community Member
@anarjinary@wiley.com

I'm not sure I understand how this will work. A consumer sends a revoked token. MG will pass the token and send it to the backend. The backend will fail with 401. Then you say "When it throws a 401, we want to fetch the token from Auth server again (this is achieved) and then send the request to target API again."


How will you do this? MG doesn't have the information to get a new token (i.e., MG doesn't have a refresh token).

I think the consumer should obtain a new token. There was a reason the token was revoked. Why is the gateway making assumptions and obtaining a new token?

Hi @srinandans,

The token mentioned in my question is not a MGW JWT. The token I had mentioned was for the target end services - there is an OAuth mechanism followed for target end services too.

The consumer doesn't send the token; the request uses it from the cache before sending it to the target end. So in this case, if the token is revoked by the external Auth server while the token is cached in MGW, the request would use the token from the cache and it would fail. I am trying to handle this failure in the response flow.

Let me know if it would help if I share the code with you.

Thanks.

Hi @srinandans, at a high level, the point we are trying to achieve is to send the request to the target server one more time, once we are in the response flow.

Former Community Member

Hmm... I get what you're trying to do.

Have you tried writing this code in onerror_response?

Otherwise what you're trying is what I would do too. There is no obvious way in MG to do this.
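
The pattern discussed in this thread, as an added example that is not part of any post above and is not Edge Microgateway code: snapshot the request before the first send, and on a 401 drop the cached target token, fetch a new one and replay exactly once. `TokenCache`, `snapshotRequest`, `forwardWithRetry`, `fetchToken` and `sendToTarget` are hypothetical names, and the request body is assumed to be fully buffered before forwarding.

```javascript
// Added example; all names are hypothetical, not Edge Microgateway APIs.
class TokenCache {
  constructor(fetchToken) {
    this.fetchToken = fetchToken; // async () => ({ token, expiresInSec })
    this.entry = null;
    this.pending = null; // one in-flight refresh shared by concurrent callers
  }
  async get() {
    if (this.entry && this.entry.expiresAt > Date.now()) return this.entry.token;
    if (!this.pending) {
      this.pending = this.fetchToken()
        .then(({ token, expiresInSec }) => {
          this.entry = { token, expiresAt: Date.now() + expiresInSec * 1000 };
          return token;
        })
        .finally(() => { this.pending = null; });
    }
    return this.pending;
  }
  // Drop the entry only if it still holds the rejected token, so a fresh
  // token obtained by a concurrent request is not thrown away.
  invalidate(rejectedToken) {
    if (this.entry && this.entry.token === rejectedToken) this.entry = null;
  }
}

// Immutable copy of what is needed to replay the call. The body must already
// be buffered: a consumed stream cannot be sent a second time.
function snapshotRequest({ method, path, headers, body }) {
  const h = { ...headers };
  delete h.authorization; // the target credential comes only from the cache
  return Object.freeze({ method, path, headers: Object.freeze(h), body });
}

async function forwardWithRetry(req, cache, sendToTarget, maxAttempts = 2) {
  const snap = snapshotRequest(req);
  let res;
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    const token = await cache.get();
    res = await sendToTarget({
      ...snap,
      headers: { ...snap.headers, authorization: `Bearer ${token}` },
    });
    if (res.status !== 401) return res;
    cache.invalidate(token); // rejected by the target: force a refresh
  }
  return res; // still 401 after the bounded retry: surface it to the caller
}
```

The attempt bound keeps a persistently rejected credential from turning into a refresh loop against the Auth server; replaying a non-idempotent method is only safe if the target rejects the 401'd request before acting on it.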