Hi,
I would like to read two different access tokens via the Authorization header, both of token type bearer. Is it possible to send a value like this?
I am looking for a Postman request to an API where I can send a header that looks something like: Authorization Bearer Token1, Bearer Token2.
I am using the Apigee free version (https://apigee.com/edge).
If both tokens come in the one header, you could also use an ExtractVariables policy to extract Token1 and Token2 as follows:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ExtractVariables async="false" continueOnError="false" enabled="true" name="EV-ExtractAuthHdrs">
  <DisplayName>EV-ExtractAuthHdrs</DisplayName>
  <Properties/>
  <Header name="Authorization">
    <Pattern ignoreCase="false">Bearer {token1}, Bearer {token2}</Pattern>
  </Header>
</ExtractVariables>
If they come in 2 different auth headers (though I couldn't get my client to send such a request) the policy would be:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ExtractVariables async="false" continueOnError="false" enabled="true" name="EV-ExtractAuthHdrs">
  <DisplayName>EV-ExtractAuthHdrs</DisplayName>
  <Properties/>
  <Header name="Authorization.1">
    <Pattern ignoreCase="false">Bearer {token1}</Pattern>
  </Header>
  <Header name="Authorization.2">
    <Pattern ignoreCase="false">Bearer {token2}</Pattern>
  </Header>
</ExtractVariables>
Hi,
I have realized it is possible to send authorization headers as above. At the Apigee end I used JavaScript to split the tokens and run the verify JWT policy as required.
Thank you. This seems to be a much better option.
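The splitting step mentioned in the thread above, written as a strict parser for the single-header form `Bearer Token1, Bearer Token2`. This is an added example, not code posted in the thread: the function name `splitBearerPair`, the error codes, the length limit and the rule that the two tokens must differ are assumptions. Reading the header from the flow and handing each token to JWT verification are left out.

```javascript
"use strict";

// Characters a bearer token may contain (token68, RFC 6750 section 2.1).
var TOKEN68 = /^[A-Za-z0-9\-._~+\/]+=*$/;
var MAX_HEADER_LEN = 8192; // constructed limit; size it for your tokens

// Split "Bearer <t1>, Bearer <t2>" into its two tokens.
// Returns { ok: true, token1, token2 } or { ok: false, error }.
// Anything other than exactly two well-formed Bearer credentials is rejected,
// so a malformed header never reaches token verification half-parsed.
function splitBearerPair(headerValue) {
  if (typeof headerValue !== "string" || headerValue.length === 0) {
    return { ok: false, error: "missing_header" };
  }
  if (headerValue.length > MAX_HEADER_LEN) {
    return { ok: false, error: "header_too_long" };
  }
  var parts = headerValue.split(",");
  if (parts.length !== 2) {
    return { ok: false, error: "expected_two_credentials" };
  }
  var tokens = [];
  for (var i = 0; i < parts.length; i++) {
    // Each credential must be exactly "<scheme> <token>".
    var fields = parts[i].trim().split(" ");
    if (fields.length !== 2) {
      return { ok: false, error: "malformed_credential" };
    }
    // Case-sensitive, matching ignoreCase="false" in the policy above.
    if (fields[0] !== "Bearer") {
      return { ok: false, error: "unsupported_scheme" };
    }
    if (!TOKEN68.test(fields[1])) {
      return { ok: false, error: "invalid_token_characters" };
    }
    tokens.push(fields[1]);
  }
  // Assumption: the two tokens are distinct credentials, so one token
  // sent twice must not satisfy both checks.
  if (tokens[0] === tokens[1]) {
    return { ok: false, error: "duplicate_token" };
  }
  return { ok: true, token1: tokens[0], token2: tokens[1] };
}

// Constructed sample value, not real tokens.
var sample = splitBearerPair("Bearer aaa.bbb.ccc, Bearer ddd.eee.fff");
console.log(sample.ok, sample.token1, sample.token2);
```

The code sticks to ES5 syntax so it does not depend on newer language features in the gateway's JavaScript engine.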