Re: [Apiman-user] Forwarding HTTP requests to service implementations secured by OAuth

Wednesday, 18 November 2015

Hi Ton,

Just to clarify. From what I understand, you're trying to secure communications
between the apiman gateway and back-end service using OAuth2/OpenID Connect?

I.e. You are *not* OAuth2 simply between the client to the apiman gateway.

Regards,
Marc

On 18/11/2015 14:34, Ton Swieb wrote:
...
 Hi,

 I am using Apiman 1.1.8.Final and I want to use a backend service in
 Apiman which is secured by OAuth.
 So instead of securing the Apiman side of the service, using the
 Keycloak OAuth plugin, Apiman needs forward calls to a service
 implementation that is secured by OAuth. I have got an OAuth token with
 a very long time to live (days/weeks/months) which I can use.

 Currently I only see the option to configure BASIC Authentication or
 MTLS/Two-Way-SSL on the service implementation.
 Would it be possible to add the HTTP Simple Header policy to the service
 and set the Authorization header with "Bearer........." or will that be
 stripped off by Apiman when forwarding the call to the backend service?

 Kind regards,

 Ton

 _______________________________________________
 Apiman-user mailing list
 Apiman-user(a)lists.jboss.org
 https://lists.jboss.org/mailman/listinfo/apiman-user

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Re: [Apiman-user] Forwarding HTTP requests to service implementations secured by OAuth