How to pass authorization header in WSO2 OAuth2 and its backend API server Oauth2?

3

2

Both the WSO2 API Manager and its backend API server (on Azure) are using OAuth2.

They both use the same header, as follows:

WSO2 API manager

Authorization: Bearer 72135e9f1dc96201949351261284dc7

API server

Authorization: Bearer MfGb9pnTEGVWmDyjlfSZjlxhc8pFtef

I use a REST client to do the test. I find that I can pass the WSO2 API Manager OAuth2, but cannot pass the API Server OAuth2.

The message returned by the API Server is: "Authorization has been denied for this request."

How can I solve this issue by reconfiguring WSO2 API Manager?

Thanks a lot.

Greensickness answered 16/7, 2015 at 10:33 Comment(0)
3

When a request comes to the WSO2 API Manager with an authorization header, it will read the token, validate it against the key manager, and drop that token before calling the back end API server. If you want to add another authorization header to the back end API server, you can define a mediation extension [1] in sequence in the API and add the authorization token through a header mediator.

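<!-- scope="transport" sets the HTTP header; without it the mediator targets SOAP headers -->
<header name="Authorization" scope="transport" value="Bearer MfGb9pnTEGVWmDyjlfSZjlxhc8pFtef"/>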

[1] https://docs.wso2.com/display/AM190/Adding+Mediation+Extensions

Pilloff answered 19/7, 2015 at 13:46 Comment(0)
1

This is exactly what you want:

https://docs.wso2.com/display/AM190/Pass+a+Custom+Authorization+Token+to+the+Backend

You make your second authorization header "Custom". Then, after WSO2 has processed your request, it changes back to the "Authorization" header via the mediation mentioned above.

I have implemented in several projects and it did work perfectly.

Hope this helps.

Subrogate answered 4/7, 2016 at 19:20 Comment(4)
Let me know if this solves your problem. I can provide more details if the link above does not address your issue. Thanks. - Subrogate
You may kindly mark this as an answer if that solved your issue. That will help others down the road. Thanks! - Subrogate
@Chanaka udaya and J D: What if the backend service has a custom header and the value of the token is changing every 60 mins? In that case, the custom header to be passed to the backend API must also call the backend token endpoint. How to handle the same? - Meemeece
@Meemeece The link mentioned above has you covered. Please read and post back if you still have questions. - Subrogate
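
The custom-header approach described in the two answers above, written out as a Synapse mediation sequence. This is an added example, not code from the posts or from the WSO2 documentation; the sequence name and the `backendAuth` property name are hypothetical, and `Custom` is the header name used in the answer.

```xml
<!-- Added example. Constructed client request to the gateway:
       Authorization: Bearer <gateway-access-token>
       Custom: Bearer <backend-access-token>
     The sequence name and the backendAuth property are hypothetical;
     "Custom" is the header name used in the answer. -->
<sequence xmlns="http://ws.apache.org/ns/synapse" name="BackendTokenExchange">
    <!-- Copy the caller-supplied backend token out of the transport (HTTP) headers. -->
    <property name="backendAuth" expression="get-property('transport', 'Custom')"/>
    <!-- Set it as the Authorization header on the outgoing request to the backend. -->
    <property name="Authorization" expression="get-property('backendAuth')" scope="transport"/>
    <!-- Remove the Custom header so the token is not forwarded a second time. -->
    <property name="Custom" scope="transport" action="remove"/>
</sequence>
```

With this sequence the backend token travels with each request and is supplied by the caller, so it is not stored in the sequence definition the way a fixed `value="Bearer ..."` attribute is.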
0

You might want to try routing your WSO2 API through an API on ESB, and add the new OAuth2 header (for the Azure API) inside a new message (for instance inside a Header mediator), then send it through to your back-end API.

You cannot re-use the same OAuth token.

Euxenite answered 16/7, 2015 at 12:33 Comment(0)
