Hi guys, I have few queries on OAuth & Apikey in MG,
1. After passing the OAuth Header in cURL I am getting 403 Forbidden
curl -i -H "Authorization: Bearer JWT" http://localhost:8000/hello/echo HTTP/1.1 403 Forbidden content-type: application/json Date: Thu, 15 Jun 2017 06:44:15 GMT Connection: keep-alive Content-Length: 25 {"error":"access_denied"}
2. I re-generated the access_token(JWT),
curl -i -H "Authorization: Bearer newJWT" http://localhost:8000/hello/echo HTTP/1.1 401 Unauthorized content-type: application/json Date: Thu, 15 Jun 2017 07:51:54 GMT Connection: keep-alive Content-Length: 25 {"error":"invalid_token"}
2. In the doc for implementing OAuth & Api we are adding same oauth plugin is to the plugins:sequence
element. So by doing this when I call,
curl -i http://localhost:8000/hello/echo -H 'x-api-key: apikey12345' HTTP/1.1 401 Unauthorized content-type: application/json Date: Thu, 15 Jun 2017 07:38:21 GMT Connection: keep-alive Content-Length: 84 {"error":"invalid_token"}
I am using the correct consumer key from App and have also added MG auth & hello proxies to a product. Am I missing something?
Without the oauth sequence I get 200OK and spike arrest plugin sequence works normally.
Primary use cases of MG .. .. Continue processing messages if internet connection is temporarily lost.
Can someone explain about this?
Solved! Go to Solution.
Item #1: The very likely cause for this failure is an incorrectly created API Product. A microgateway API Product must have:
Item #2: The invalid_token message appears when the JWT token is badly formatted.
Item #3: In this case, it appears the API Key was invalid.
Microgateway is designed to continue processing API traffic even if it looses connection to Apigee Edge (hosted on cloud or on prem).
Item #1: The very likely cause for this failure is an incorrectly created API Product. A microgateway API Product must have:
Item #2: The invalid_token message appears when the JWT token is badly formatted.
Item #3: In this case, it appears the API Key was invalid.
Microgateway is designed to continue processing API traffic even if it looses connection to Apigee Edge (hosted on cloud or on prem).