EMG - JWT token validated against both API Proxies and Resource URI in OAUTH

anonymous · October 12, 2016, 5:53pm

The inbuilt plugin for EMG OAuth validates both the APIProxies and Resource URIs in the Product against the JWT token payload product details. Why both needs to be validated (Proxy and Resource URIs)?

If I want to do only resource URI verification, not the API Proxy , is there any way I can do that?

const checkIfAuthorized = module.exports.checkIfAuthorized = function checkIfAuthorized(config, urlPath, proxy, decodedToken)

{ if (!decodedToken.api_product_list) { return false; } return decodedToken.api_product_list.some(function (product) { const validProxyNames = config.product_to_proxy[product]; if (!validProxyNames) { return false; } const apiproxies = config.product_to_api_resource[product]; var matchesProxyRules = false; if(apiproxies && apiproxies.length){

anonymous · October 14, 2016, 7:17pm

This behaviour is not consistent with Edge.

@kevinswiber - this looks like a defect.

anonymous · May 31, 2017, 10:46am

Was that bug fixed in recent EMG versions?

anonymous · May 31, 2017, 1:04pm

No @Francois-Xavier KOWALSKI, this has not been fixed yet.

anonymous · June 26, 2017, 4:26pm

Internal ticket has been labeled cs critical for this bug. Awaiting update from engineering

Topic		Replies	Views
Issue with oauth plugin in EMG 2.5.4 Apigee api-runtime	1	0	October 12, 2017
EMG Configuration with proxy Tag failing api-key validation Apigee api-runtime	2	3	October 12, 2017
When using the edgemicro gateway in the products which url needs whitelisting in the products used under resources? In addition to the proxy being added to the product? Apigee api-runtime	1	7	January 15, 2016

EMG - JWT token validated against both API Proxies and Resource URI in OAUTH

AI Suggested topics