I am using edgemicro in front of an internal API that needs a Basic Authorization header. I also enabled the oauth plugin on the edgemicro so that it validates the x-api-key header.
The problem is that it seems as if the edgemicro is validating the Basic Authorization header that is really meant for the backend. Edgemicro is complaining that the token is invalid, and that's right, as it's a Basic Authorization header and not an oauth token at all. Edgemicro should disregard the Authorization header.
Am I doing something wrong? Or is there a way to tell edgemicro not to validate the Authorization header?
There are two parts to this:
1) In the OAuth plugin, set allowAPIKeyOnly = true. See here for reference (https://docs.apigee.com/api-platform/microgateway/2.5.x/operation-and-configuration-reference-edge-microgateway). This will cause the plugin to ignore the Authorization header completely.
2) Use the bauth plugin or a custom plugin. The bauth plugin (short for basic auth) doesn't actually validate the credentials; it validates the format and decodes the user and password into variables for access in a subsequent (custom) plugin. In your case, you may not need the custom plugin, but still use the bauth plugin to check for format.
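
The format check and decoding that the answer above describes for a Basic Authorization header, as an added JavaScript example that is not part of the original thread and is not the bauth plugin's source. `parseBasicAuth`, `onrequest` and `req.basicAuth` are hypothetical names, and the `(req, res, next)` handler shape is an assumption.

```javascript
// Added example: not the bauth plugin's source. All names are hypothetical.
// Scheme "Basic" (case-insensitive), one or more spaces, then a base64 token.
const BASIC_RE = /^Basic +([A-Za-z0-9+/]+={0,2})$/i;

// Checks the header's format and decodes it; it never validates the credentials.
function parseBasicAuth(headerValue) {
  if (typeof headerValue !== 'string') return { ok: false, reason: 'missing' };
  const m = BASIC_RE.exec(headerValue.trim());
  if (!m) return { ok: false, reason: 'not-basic' }; // e.g. an OAuth Bearer token
  if (m[1].length % 4 !== 0) return { ok: false, reason: 'bad-base64' };
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // split on the FIRST colon; passwords may contain ':'
  if (sep < 0) return { ok: false, reason: 'no-colon' };
  // RFC 7617 forbids control characters in user-id and password.
  if (/[\x00-\x1f\x7f]/.test(decoded)) return { ok: false, reason: 'control-chars' };
  return { ok: true, username: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Request handler in an assumed (req, res, next) shape: reject malformed headers,
// otherwise expose the decoded values to a subsequent (custom) plugin.
function onrequest(req, res, next) {
  const parsed = parseBasicAuth(req.headers['authorization']);
  if (!parsed.ok) {
    res.statusCode = 401;
    res.setHeader('WWW-Authenticate', 'Basic');
    // Report only the reason; never echo the header or the decoded password.
    return res.end(JSON.stringify({ error: 'invalid_authorization', reason: parsed.reason }));
  }
  req.basicAuth = { username: parsed.username, password: parsed.password };
  return next();
}

// Constructed sample headers (not taken from the thread).
const samples = [
  'Basic ' + Buffer.from('svc-user:p:ss').toString('base64'),
  'Bearer abc.def.ghi',
  'Basic abc',
];
for (const h of samples) {
  const r = parseBasicAuth(h);
  console.log(r.ok ? `ok user=${r.username}` : `rejected: ${r.reason}`);
}
```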