Microgateway: OAuth access token not working when calling aware proxy


Hi,

I'm trying to secure the microgateway with OAuth proxy and it doesn't seem to work for me.

The version I'm using is 2.5.16; I tried 2.5.19 before, but I had the same issue.

Here are the details of the issue:

- Requests:

1- Get the access token.

2- Try to shoot the aware proxy using the access token:

curl -i -H "Authorization: Bearer [access_token]" http://localhost:8000/hello

- Response:

HTTP/1.1 403 Forbidden
content-type: application/json
Date: Fri, 13 Jul 2018 13:48:35 GMT
Connection: keep-alive
Content-Length: 25

{"error":"access_denied"}

- The log file doesn't show much detail; here is what is displayed:

error oauth m=GET, u=/hello, h=localhost:8000, r=::ffff:127.0.0.1:39336, s=403

error m=GET, u=/hello, h=localhost:8000, r=::ffff:127.0.0.1:39336, s=403, name=undefined, message=undefined, code=undefined, stack=undefined

- Here is the output when the requests are made in debug mode of the microgateway:

gateway:main selected proxy http://mocktarget.apigee.net/ with base path /hello for request path /hello +0ms
gateway:main sourceRequest xxxxxxxxxxx GET /hello +0ms
plugin:oauth validating jwt +0ms
plugin:oauth product only: false +20ms
plugin:oauth matches proxy rules: null +2ms
plugin:oauth auth failure 403 access_denied { 'user-agent': 'curl/7.35.0',
host: 'localhost:8000',
accept: '*/*',
client_received_start_timestamp: xxxxxxxx} GET /hello +0ms
logging to /var/tmp/xxxxxxxx-api.log
gateway:errors access_denied +0ms
analytics flushing 1 records. 0 records remaining. +4m

- I have checked this question (https://community.apigee.com/questions/47846/microgateway-not-working-with-oauth.html)

So when I change the configuration like this:

oauth:
  allowNoAuthorization: true
  allowInvalidAuthorization: true

The request works even without using the generated access token.

The proxy works fine without authorization if the oauth sequence is removed, but the goal is to secure the microgateway using the access_token.

Can someone help with this?


Former Community Member

It appears the API Product is not created properly. Can you add a screenshot of the API Product?

Not applicable

Hi @srinandans,

The issue was fixed. In fact, the problem came from a bad configuration of the API product.

Thanks for your help.

Hello @MustaphaOUAADA, can you advise what changes you made to the product? We are facing a similar issue. Maybe we can very well try out your fix?
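
A triage sketch for the symptoms in this thread, added here as an example and not code from any poster or from the microgateway project: it names the stage at which the oauth plugin denied the request and lists the permissive oauth flags that let the request through without a token. The function names are hypothetical, and reading "matches proxy rules: null" as "no API product rule matched" is an assumption based on the thread's resolution.

```javascript
// Added example. Sample inputs reproduce the debug messages and config flags quoted in this thread.
const DEBUG_TRACE = `
plugin:oauth validating jwt +0ms
plugin:oauth product only: false +20ms
plugin:oauth matches proxy rules: null +2ms
plugin:oauth auth failure 403 access_denied`;

const CONFIG_SNIPPET = `
oauth:
  allowNoAuthorization: true
  allowInvalidAuthorization: true`;

// Name the stage at which the oauth plugin denied the request.
// Assumption: "matches proxy rules: null" means no API product rule matched.
function classifyTrace(trace) {
  const lines = trace.split('\n').map((l) => l.trim()).filter(Boolean);
  if (!lines.some((l) => l.includes('auth failure 403 access_denied'))) {
    return 'no-oauth-denial';
  }
  const rule = lines.map((l) => /matches proxy rules: (\S+)/.exec(l)).find(Boolean);
  const sawJwt = lines.some((l) => l.includes('plugin:oauth validating jwt'));
  return sawJwt && rule && rule[1] === 'null'
    ? 'token-reached-product-check-no-match'
    : 'denied-other';
}

// List permissive oauth flags set to true. Line-based on purpose, so a
// missing space after the colon ("key:true") is caught as well.
function permissiveOauthFlags(yamlText) {
  const watched = ['allowNoAuthorization', 'allowInvalidAuthorization'];
  const found = [];
  let inOauth = false;
  for (const raw of yamlText.split('\n')) {
    if (/^\s*(#.*)?$/.test(raw)) continue;                  // blank or comment
    if (/^\S/.test(raw)) { inOauth = /^oauth\s*:/.test(raw); continue; }
    const m = /^\s+(\w+)\s*:\s*(\S+)/.exec(raw);
    if (inOauth && m && watched.includes(m[1]) && m[2].toLowerCase() === 'true') {
      found.push(m[1]);
    }
  }
  return found;
}

function triage(trace, yamlText) {
  const permissiveFlags = permissiveOauthFlags(yamlText);
  return { stage: classifyTrace(trace), permissiveFlags, enforcementWeakened: permissiveFlags.length > 0 };
}

console.log(JSON.stringify(triage(DEBUG_TRACE, CONFIG_SNIPPET)));
```

A non-empty permissiveFlags list means a 200 response says nothing about whether the token or the API product is correct, so both flags should be off again before retesting the product configuration.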