Ok, this should be because we are using a different header than the
authentication header for API Key in synapse gateway. I assume what we are
trying here is to use both types of tokens in the authentication header?

On Mon, Dec 9, 2019 at 4:41 PM Praminda Jayawardana <[email protected]>
wrote:

> It didn't look like synapse gateway did a differentiation between these
> two cases. +Rajith Roshan <[email protected]>  tested it. API Key didn't
> work in Auth header simply because there was a missing attribute in the
> JWT. It doesn't result in "Invalid JWT token" or similar error as expected.
>
> On Mon, Dec 9, 2019 at 4:34 PM Fazlan Nazeem <[email protected]> wrote:
>
>> We should be identifying both separately already in the synapse gateway.
>> Have you checked how it has been done and stick to the same if possible for
>> consistency?
>>
>> On Mon, Dec 9, 2019 at 3:56 PM Amali Matharaarachchi <[email protected]>
>> wrote:
>>
>>> Hi all,
>>>
>>> We need to differentiate the API Key from a normal JWT token. The API
>>> Key is a simple JWT but when an API Key is provided we need to authenticate
>>> the user as well.
>>> For this purpose, we added the additional claim "apiKey" to the issuing
>>> JWT. If it is present in the token, it will be recognized as an API Key.
>>> I would highly appreciate it if you have any suggestions regarding this.
>>>
>>> Thanks.
>>>
>>> On Fri, Dec 6, 2019 at 3:54 PM Amali Matharaarachchi <[email protected]>
>>> wrote:
>>>
>>>> Hi Harsha,
>>>>
>>>>> Will the token endpoint be the default one and provide an option to point
>>>>> to the key manager in a standard deployment?
>>>>
>>>>
>>>> Configurations similar to the following are added to micro-gw.conf file
>>>> to enable the self JWT issuer and to provide related configurations [1].
>>>>
>>>> [jwtTokenConfig]
>>>> issuer="https://localhost:9443/oauth2/token"
>>>> audience="http://org.wso2.apimgt/gateway"
>>>> certificateAlias="wso2apim"
>>>> validateSubscription=false
>>>>
>>>> [jwtTokenConfig.jwtIssuer]
>>>> enabled=false
>>>> validityPeriod=600
>>>> keyStoreAlias="ballerina"
>>>>
>>>>
>>>>
>>>>> What's the endpoint that we are going to provide and what would the
>>>>> request look like to get a key?
>>>>
>>>>
>>>> The token endpoint would issue the self JWT token when JWT issuer is
>>>> enabled in the config [2].
>>>>
>>>> curl -X GET "https://localhost:9096/token" -H "Authorization:Basic Z2VuZXJhbFVzZXIxOnBhc3N3b3Jk" -k
>>>>
>>>> [1]
>>>> https://github.com/wso2/product-microgateway/issues/897#issuecomment-561996404
>>>> [2]
>>>> https://github.com/wso2/product-microgateway/issues/897#issuecomment-562422055
>>>>
>>>> On Fri, Dec 6, 2019 at 3:03 PM Amali Matharaarachchi <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi all,
>>>>> There is a Slack Discussion[1] in #microgateway channel as well.
>>>>>
>>>>> [1] https://wso2-apim.slack.com/archives/CLY1W0NSK/p1575007973020900
>>>>>
>>>>> On Fri, Dec 6, 2019 at 2:48 PM Harsha Kumara <[email protected]> wrote:
>>>>>
>>>>>> Please discuss this in public groups.
>>>>>>
>>>>>> What's the endpoint that we are going to provide and what would the
>>>>>> request look like to get a key?
>>>>>>
>>>>>> Will the token endpoint be the default one and provide an option to point
>>>>>> to the key manager in a standard deployment?
>>>>>>
>>>>>>
>>>>>> On Fri, Dec 6, 2019 at 2:31 PM Amali Matharaarachchi <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> We are planning to add a feature for issuing simple JWTs which are
>>>>>>> to be used in Microgateway. Please refer to GitHub issue [1] for more
>>>>>>> information.
>>>>>>>
>>>>>>> This feature addresses the user story "As a developer, I would like
>>>>>>> to invoke my micro gateway API easily without configuring a key
>>>>>>> manager". A self-contained JWT token should be issued as the API key
>>>>>>> by the Microgateway server without communicating with an external Key
>>>>>>> Manager. This API key would later be used to authenticate the user
>>>>>>> when invoking an API.
>>>>>>>
>>>>>>> A token endpoint secured with basic authentication would be provided
>>>>>>> to issue the API Key. When invoked with this API Key, the API key's
>>>>>>> sub claim could be used to authenticate the user and validate that
>>>>>>> the user has the privilege.
>>>>>>>
>>>>>>> JWT token format would be similar to:
>>>>>>> header
>>>>>>> {
>>>>>>>   "alg": "RS256",
>>>>>>>   "typ": "jwt",
>>>>>>>   "kid": "ballerina"
>>>>>>> }
>>>>>>> payload
>>>>>>> {
>>>>>>>   "sub": "generalUser1",
>>>>>>>   "iss": "https://localhost:9443/oauth2/token",
>>>>>>>   "exp": 1575620540,
>>>>>>>   "iat": 1575619940,
>>>>>>>   "jti": "bb38e533-e127-4991-95a2-7a383e634eba",
>>>>>>>   "aud": "http://org.wso2.apimgt/gateway",
>>>>>>>   "apiKey": true
>>>>>>> }
>>>>>>>
>>>>>>> We highly appreciate your suggestions. Thank you.
>>>>>>>
>>>>>>> [1] https://github.com/wso2/product-microgateway/issues/897
>>>>>>> --
>>>>>>> *Amali Lakshika*
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> *Software Engineer*
>>>>>>> WSO2 Inc.: https://wso2.com
>>>>>>> lean.enterprise.middle-ware
>>>>>>> mobile: *+94 71 932 1861*
>>>>>>>
>>>>>>> *skype: amali.94d*
>>>>>>>
>>>>>>> <http://wso2.com/signature>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> *Harsha Kumara*
>>>>>>
>>>>>> Technical Lead, WSO2 Inc.
>>>>>> Mobile: +94775505618
>>>>>> Email: [email protected]
>>>>>> Blog: harshcreationz.blogspot.com
>>>>>>
>>>>>> GET INTEGRATION AGILE
>>>>>> Integration Agility for Digitally Driven Business
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Thanks & Regards,
>>
>> *Fazlan Nazeem | *Associate Technical Lead | WSO2 Inc
>> Mobile : +94772338839 | [email protected]
>>
>>
>>
>
> --
>
> *Praminda Jayawardana* | Associate Technical Lead | WSO2 Inc.
> (m) +94 (0) 716 590918 | (e) [email protected]
>


-- 
Thanks & Regards,

*Fazlan Nazeem | *Associate Technical Lead | WSO2 Inc
Mobile : +94772338839 | [email protected]
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
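
Added example, not part of the thread or of the Microgateway code base: one way a gateway could tell an API key from a normal JWT using the "apiKey" claim discussed above, trusting the claim only after the signature, issuer, audience and expiry have been checked. The thread's tokens are RS256; this sketch swaps in HS256 with a constructed secret so it runs on the Python standard library alone, and the function names and the rule that any "apiKey" value other than boolean true is rejected are assumptions.

```python
import base64, hashlib, hmac, json

ISSUER = "https://localhost:9443/oauth2/token"   # issuer value from the thread
AUDIENCE = "http://org.wso2.apimgt/gateway"      # audience value from the thread
SECRET = b"constructed-demo-secret"              # assumption: demo key, HS256 stand-in

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(head: str, body: str) -> bytes:
    return hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue(claims: dict) -> str:
    """Constructed helper: sign sample claims so classify() has input."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "jwt"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url(sign(head, body))}"

def classify(token: str, now: int) -> str:
    """Return 'api_key' or 'jwt' for a valid token; raise ValueError otherwise."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        given = b64url_decode(sig)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the verifier side; never let the token choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sign(head, body), given):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if not isinstance(claims, dict):
        raise ValueError("claims must be a JSON object")
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise ValueError("wrong issuer or audience")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("expired")
    if "apiKey" not in claims:
        return "jwt"                      # ordinary JWT path
    if claims["apiKey"] is not True:      # "true", 1 or false is ambiguous
        raise ValueError("invalid apiKey claim")
    if not claims.get("sub"):             # sub is what identifies the user
        raise ValueError("API key without sub")
    return "api_key"
```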
