This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Apikey plugin product verification

Posted on 05-05-2020 04:37 AM
guillaumesoing
New Member
Reply posted on --/--/---- --:-- AM

Hello,

I have a question regarding the apikey plugin (it's the same behavior with the oauth). If I look the documentation and the code with the parameter productOnly=false a request is authorized only if one of the product to which it has subscribed contains a path matching the one requested.

My problem is that whatewer I try the list of apiRessources linked to a product is always empty when I call the /edgemicro-auth/products endpoint from the edgemicro-auth proxy provided with the microgateway.

Does someone has an idea of to fix this. I really need to check the path because I do some rooting in m plugin flow and actually if some has access to any product deploy on my microgateway it will have access to all the proxy deployed on it.

I have took a look at this repository : https://github.com/apigee/microgateway-edgeauth but the part which deal with product in an internal apigee API

Thanks for your help

0 1 87
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
guillaumesoing
New Member
Reply posted on --/--/---- --:-- AM

I found my problem. First i have a proxy which match / and in the microgateway I have a plugin which made some rewrite. So if an app have access to this proxy it can have access to everything i rewrite behind.

Second it's a misunderstanding of the product documenation. You van add path to the product to reduce the scope of ressource that the proxies include in the product expose by defined it. So As I do not have specify this that why the product ressource attribute was empty.

0 Likes