It didn't look like synapse gateway did a differentiation between these two
cases. +Rajith Roshan <raji...@wso2.com>  tested it. API Key didn't work in
Auth header simply because there was a missing attribute in the JWT. It
doesn't result in "Invalid JWT token" or similar error as expected.

On Mon, Dec 9, 2019 at 4:34 PM Fazlan Nazeem <fazl...@wso2.com> wrote:

> We should be identifying both separately already in the synapse gateway.
> Have you checked how it has been done and stick to the same if possible for
> consistency?
>
> On Mon, Dec 9, 2019 at 3:56 PM Amali Matharaarachchi <ama...@wso2.com>
> wrote:
>
>> Hi all,
>>
>> We need to differentiate the API Key from a normal JWT token. The API Key
>> is a simple JWT but when an API Key is provided we need to authenticate the
>> user as well.
>> For this purpose, we added the additional claim "apiKey" to the issuing
>> JWT. If it is present in the token, it will be recognized as an API Key.
>> I highly appreciate if you have any suggestions regarding this.
>>
>> Thanks.
>>
>> On Fri, Dec 6, 2019 at 3:54 PM Amali Matharaarachchi <ama...@wso2.com>
>> wrote:
>>
>>> Hi Harsha,
>>>
>>>> Will the token endpoint be the default one and provide an option to point to
>>>> the key manager in a standard deployment?
>>>
>>>
>>> Configurations similar to the following are added to micro-gw.conf file
>>> to enable the self JWT issuer and to provide related configurations [1].
>>>
>>> [jwtTokenConfig]
>>> issuer="https://localhost:9443/oauth2/token"
>>> audience="http://org.wso2.apimgt/gateway"
>>> certificateAlias="wso2apim"
>>> validateSubscription=false
>>>
>>> [jwtTokenConfig.jwtIssuer]
>>> enabled=false
>>> validityPeriod=600
>>> keyStoreAlias="ballerina"
>>>
>>>
>>>
>>>> What's the endpoint that we are going to provide and how the request would
>>>> look like to get a key?
>>>
>>>
>>> The token endpoint would issue the self JWT token when JWT issuer is
>>> enabled in the config [2].
>>>
>>> curl -X GET "https://localhost:9096/token" \
>>>   -H "Authorization: Basic Z2VuZXJhbFVzZXIxOnBhc3N3b3Jk" -k
>>>
>>> [1]
>>> https://github.com/wso2/product-microgateway/issues/897#issuecomment-561996404
>>> [2]
>>> https://github.com/wso2/product-microgateway/issues/897#issuecomment-562422055
>>>
>>> On Fri, Dec 6, 2019 at 3:03 PM Amali Matharaarachchi <ama...@wso2.com>
>>> wrote:
>>>
>>>> Hi all,
>>>> There is a Slack Discussion[1] in #microgateway channel as well.
>>>>
>>>> [1] https://wso2-apim.slack.com/archives/CLY1W0NSK/p1575007973020900
>>>>
>>>> On Fri, Dec 6, 2019 at 2:48 PM Harsha Kumara <hars...@wso2.com> wrote:
>>>>
>>>>> Please discuss this in public groups.
>>>>>
>>>>> What's the endpoint that we are going to provide and how the request would
>>>>> look like to get a key?
>>>>>
>>>>> Will the token endpoint be the default one and provide an option to point
>>>>> to the key manager in a standard deployment?
>>>>>
>>>>>
>>>>> On Fri, Dec 6, 2019 at 2:31 PM Amali Matharaarachchi <ama...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> We are planning to add a feature for issuing simple JWTs which are to
>>>>>> be used in Microgateway. Please refer to GitHub issue [1] for more
>>>>>> information.
>>>>>>
>>>>>> This feature addresses the user story "As a developer, I would like
>>>>>> to invoke my micro gateway API easily without configuring a key
>>>>>> manager". A self-contained JWT token should be issued as the API key by
>>>>>> the Microgateway server without communicating with an external Key
>>>>>> Manager. This API key would later be used to authenticate the user when
>>>>>> invoking an API.
>>>>>>
>>>>>> A token endpoint secured with basic authentication would be provided
>>>>>> to issue the API Key. When invoked with this API Key, API key's sub claim
>>>>>> could be used to authenticate the user and validate that the user has the
>>>>>> privilege.
>>>>>>
>>>>>> JWT token format would be similar to:
>>>>>> header
>>>>>> {
>>>>>>   "alg": "RS256",
>>>>>>   "typ": "jwt",
>>>>>>   "kid": "ballerina"
>>>>>> }
>>>>>> payload
>>>>>> {
>>>>>>   "sub": "generalUser1",
>>>>>>   "iss": "https://localhost:9443/oauth2/token",
>>>>>>   "exp": 1575620540,
>>>>>>   "iat": 1575619940,
>>>>>>   "jti": "bb38e533-e127-4991-95a2-7a383e634eba",
>>>>>>   "aud": "http://org.wso2.apimgt/gateway",
>>>>>>   "apiKey": true
>>>>>> }
>>>>>>
>>>>>> We highly appreciate your suggestions. Thank you.
>>>>>>
>>>>>> [1] https://github.com/wso2/product-microgateway/issues/897
>>>>>> --
>>>>>> *Amali Lakshika*
>>>>>> Software Engineer
>>>>>> WSO2 Inc.: https://wso2.com
>>>>>> lean.enterprise.middle-ware
>>>>>> mobile: +94 71 932 1861
>>>>>> skype: amali.94d
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> *Harsha Kumara*
>>>>>
>>>>> Technical Lead, WSO2 Inc.
>>>>> Mobile: +94775505618
>>>>> Email: hars...@wso2.coim
>>>>> Blog: harshcreationz.blogspot.com
>>>>>
>>>>> GET INTEGRATION AGILE
>>>>> Integration Agility for Digitally Driven Business
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
> --
> Thanks & Regards,
>
> *Fazlan Nazeem | *Associate Technical Lead | WSO2 Inc
> Mobile : +94772338839 | fazl...@wso2.com
>
>
>

-- 

*Praminda Jayawardana* | Associate Technical Lead | WSO2 Inc.
(m) +94 (0) 716 590918 | (e) prami...@wso2.com
GET INTEGRATION AGILE
Integration Agility for Digitally Driven Business
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
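
The following is an added example (not from the thread or from WSO2's code) of the distinction discussed above: it classifies a token as an API key or a plain JWT by the `apiKey` claim and reports a specific "Invalid JWT token" reason when a claim is missing or malformed. `classify`, `TokenError`, `sample_token` and the `verify_signature` callback are hypothetical names; the RS256 check itself is assumed to be supplied by the caller's crypto library.

```python
import base64
import json
import time

ISSUER = "https://localhost:9443/oauth2/token"   # issuer from the thread's config
AUDIENCE = "http://org.wso2.apimgt/gateway"      # audience from the thread's config
REQUIRED = ("sub", "iss", "aud", "exp")

class TokenError(Exception):
    """Carries the specific reason a token was rejected."""

def _segment(part):
    try:
        obj = json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))
    except ValueError as exc:  # bad base64, bad UTF-8 and bad JSON all land here
        raise TokenError("Invalid JWT token: undecodable segment") from exc
    if not isinstance(obj, dict):
        raise TokenError("Invalid JWT token: segment is not a JSON object")
    return obj

def classify(token, verify_signature, now=None):
    """Return ("api_key" or "jwt", claims); raise TokenError naming the failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("Invalid JWT token: expected 3 segments")
    header, claims = _segment(parts[0]), _segment(parts[1])
    if header.get("alg") != "RS256":
        raise TokenError("Invalid JWT token: unexpected alg")
    # Claims are trusted only after the signature check (hypothetical callback).
    if not verify_signature(parts[0] + "." + parts[1], parts[2], header.get("kid")):
        raise TokenError("Invalid JWT token: bad signature")
    missing = [c for c in REQUIRED if c not in claims]
    if missing:
        raise TokenError("Invalid JWT token: missing claim " + ", ".join(missing))
    if claims["iss"] != ISSUER or claims["aud"] != AUDIENCE:
        raise TokenError("Invalid JWT token: issuer or audience mismatch")
    exp = claims["exp"]
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise TokenError("Invalid JWT token: exp is not a number")
    if exp <= (time.time() if now is None else now):
        raise TokenError("Invalid JWT token: expired")
    # Only the JSON boolean true marks an API key; "true" or 1 is rejected.
    if "apiKey" in claims and not isinstance(claims["apiKey"], bool):
        raise TokenError("Invalid JWT token: apiKey claim is not a boolean")
    return ("api_key" if claims.get("apiKey") is True else "jwt"), claims

def sample_token(claims):
    """Constructed sample: header from the thread, placeholder signature."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return enc({"alg": "RS256", "typ": "jwt", "kid": "ballerina"}) + "." + enc(claims) + ".c2ln"
```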
