Hi All,
We found the following issues in the gateway cache when we regenerate application
tokens from the API store user interface (or by calling the revoke API).

01. If we generate a new application access token from the UI, old tokens remain
active in the gateway cache.
02. If we use the revoke API deployed in the gateway, it will clear only the super
tenant's cache.

To address these issues, we recently introduced a new parameter named
RevokeAPIURL. In a distributed deployment we need to configure this parameter
in the API store node. Then it will call the API pointed to by the RevokeAPIURL
parameter. The RevokeAPIURL parameter should point to the revoke API deployed on
the API gateway nodes. If it is a gateway cluster, we can point to one node. So
from this release onwards, all revoke requests will be routed to the OAuth service
through the revoke API deployed in API Manager. When the revoke response is routed
through the revoke API, the cache clear handler will be invoked. Then it will
extract the relevant information from the transport headers and clear the
associated cache entries. In a distributed deployment we should configure the
following.

01. In the key manager node, point to the gateway API revoke endpoint as follows.
<!-- This is the API URL for the revoke API. When we revoke tokens, revoke requests
     should go through this API deployed in the API gateway. Then it will do cache
     invalidations related to revoked tokens.
     In a distributed deployment we should configure this property in the key
     manager node by pointing to the gateway HTTPS URL. Also please note that we
     should point the gateway revoke service to the key manager. -->
<RevokeAPIURL>https://${carbon.local.ip}:${https.nio.port}/revoke</RevokeAPIURL>

02. In the API gateway, the revoke API should point to the OAuth application
deployed in the key manager node.
    <api name="_WSO2AMRevokeAPI_" context="/revoke">
        <resource methods="POST" url-mapping="/*" faultSequence="_token_fault_">
            <inSequence>
                <send>
                    <endpoint>
                        <address uri="https://keymgt.wso2.com:9445/oauth2/revoke"/>
                    </endpoint>
                </send>
            </inSequence>
            <outSequence>
                <send/>
            </outSequence>
        </resource>
        <handlers>
            <handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerCacheExtensionHandler"/>
        </handlers>
    </api>

We need to add this to our product documents as well.


Thanks,
sanjeewa.
-- 

*Sanjeewa Malalgoda*
WSO2 Inc.
Mobile : +94713068779

blog: http://sanjeewamalalgoda.blogspot.com/
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
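
A configuration check for the gateway revoke API described in the message above, as an added example that is not part of the original message or WSO2's own code: it parses the API definition and reports when the cache extension handler is missing or the endpoint is not the HTTPS oauth2 revoke service. The function name check_revoke_api, the https requirement and the broken sample are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Handler class name as given in the message above.
CACHE_HANDLER = "org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerCacheExtensionHandler"

# Constructed sample input: the revoke API definition from the message.
GOOD_API = f"""<api name="_WSO2AMRevokeAPI_" context="/revoke">
  <resource methods="POST" url-mapping="/*" faultSequence="_token_fault_">
    <inSequence><send><endpoint>
      <address uri="https://keymgt.wso2.com:9445/oauth2/revoke"/>
    </endpoint></send></inSequence>
    <outSequence><send/></outSequence>
  </resource>
  <handlers><handler class="{CACHE_HANDLER}"/></handlers>
</api>"""

# Constructed broken variant: handler dropped, endpoint downgraded to http.
BAD_API = (GOOD_API.replace(f'<handler class="{CACHE_HANDLER}"/>', "")
                   .replace("https://", "http://"))

def _local(tag):
    """Strip an XML namespace, so namespaced Synapse files also work."""
    return tag.rsplit("}", 1)[-1]

def check_revoke_api(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    api = ET.fromstring(xml_text)
    nodes = list(api.iter())
    findings = []
    if api.get("context") != "/revoke":
        findings.append("API context is not /revoke")
    classes = [n.get("class") for n in nodes if _local(n.tag) == "handler"]
    if CACHE_HANDLER not in classes:
        findings.append("cache handler missing: revoked tokens stay cached")
    uris = [n.get("uri", "").strip() for n in nodes if _local(n.tag) == "address"]
    if not uris:
        findings.append("no endpoint address configured")
    for uri in uris:
        parts = urlparse(uri)
        if parts.scheme != "https":  # lint policy assumed for this example
            findings.append(f"endpoint is not https: {uri}")
        if not parts.path.endswith("/oauth2/revoke"):
            findings.append(f"endpoint is not the oauth2 revoke service: {uri}")
    return findings

if __name__ == "__main__":
    for name, text in (("good", GOOD_API), ("bad", BAD_API)):
        print(name, check_revoke_api(text) or "OK")
```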
