Production Gateways down: Sudden Authentication failure

robinm
Participant IV

Inbound traffic to all four micro gateways began to fail with an authorisation error around 21:00 SAST on Tuesday night (two in Dev, two in Production), at the same time.

401  {"error":"invalid_token","error_description":"invalid_token"}

"A trace run on Apigee-Auth shows it passes the verifyApiKey where Apigee responds with a valid token, but after that the gateway fails.

We then had to remove –oauth from the config, after which it started to work again. Tuesday 15h00 SAST was the last time the gateways sent any analytics to Apigee."

RCA

  • Ran configure command to obtain new keys. Still same issue.
  • Tried to run the same config file on another machine. Still same issue.
  • Removed the OAuth from the config in Dev. This got the services up and running again but now there is no security.

OAuth piece in config file:

oauth:
  allowAPIKeyOnly: true
  productOnly: false
  cacheKey: true
  allowNoAuthorization: false
  allowInvalidAuthorization: false
  verify_api_key_url: 'https://{prod}-{env}.apigee.net/edgemicro-auth/verifyApiKey'

So what makes our config unique is that we had to remove recognising the Authorization header and only use x-api-key, since we are passing Auth headers to SAP.

But the experts will hopefully know that from looking at the auth config.

Edge Microgateway 3.0.8

edgemicro-auth is now Hosted Target version, upgraded from Trireme.

Plea for assistance or clues, good people.

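A triage helper for the `invalid_token` response described in the post above, added here as an example; it is not part of the original post and not Edge Microgateway code. It assumes the token returned by verifyApiKey is a three-part JWT; `triageToken`, `makeSample` and the sample claims are constructed for illustration. It decodes without verifying the signature and reports time-claim problems plus the header's `alg` and `kid`, so those can be compared with the key the gateway holds.

```javascript
'use strict';
// Added diagnostic example; not Edge Microgateway code. Assumes the token is a JWT.
// Decodes WITHOUT verifying the signature; key mismatches must still be
// checked separately against the public key the gateway is configured with.

function b64urlDecode(seg) {
  return Buffer.from(seg.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8');
}

// nowSec: verifier's clock in epoch seconds; skewSec: tolerated clock drift.
function triageToken(token, nowSec, skewSec = 60) {
  const parts = String(token).trim().split('.');
  if (parts.length !== 3) return { timeOk: false, findings: ['not a three-part JWT'] };
  let header, claims;
  try {
    header = JSON.parse(b64urlDecode(parts[0]));
    claims = JSON.parse(b64urlDecode(parts[1]));
    if (!header || !claims || typeof header !== 'object' || typeof claims !== 'object') {
      throw new Error('not an object');
    }
  } catch (e) {
    return { timeOk: false, findings: ['header or payload is not a JSON object'] };
  }
  const findings = [];
  if (typeof claims.exp === 'number' && nowSec > claims.exp + skewSec) {
    findings.push(`expired ${nowSec - claims.exp}s before the verifier's clock`);
  }
  if (typeof claims.nbf === 'number' && nowSec < claims.nbf - skewSec) {
    findings.push(`not valid for another ${claims.nbf - nowSec}s`);
  }
  if (typeof claims.iat === 'number' && nowSec < claims.iat - skewSec) {
    findings.push(`issued ${claims.iat - nowSec}s in the future: check clock sync`);
  }
  // alg and kid are returned so they can be compared with the gateway's key.
  return { timeOk: findings.length === 0, alg: header.alg, kid: header.kid, findings };
}

// Builds an unsigned sample token (constructed data; placeholder signature).
function makeSample(header, claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc(header)}.${enc(claims)}.c2lnbmF0dXJl`;
}

const NOW = 1700000000; // constructed verifier time
const sample = makeSample({ alg: 'RS256', kid: '1' }, { iat: NOW + 300, exp: NOW + 2100 });
console.log(triageToken(sample, NOW));
```

A clean result here only rules out time-claim problems; a token can still be rejected if its signature does not verify against the key the gateway has.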