Re: [Apiman-user] Plugins
I got it . then maybe this is not something i want to do now.
The only reason i was thinking about using plans , is because i have
multiple services and i dont want to setup policies for each one of them .
If i remember correctly, If i setup an application then the URL will change
, which i dont need to.
I only want services to be secured with the same set of policies. any
thoughts ?
On Thu, Aug 20, 2015 at 3:34 PM, Eric Wittmann <eric.wittmann(a)redhat.com>
wrote:
Also I should point out that you can only use plans if you also
create at
least one application (so that you can create a contract between the
application and the service). Plans don't make sense without an
application, because without an API Key we won't know which plan is in use
for a particular request.
-Eric
On 8/20/2015 2:22 PM, Fadi Abdin wrote:
> I think i'm good now .. I was able to make a test service and passes
>
> but i think i found bug .. If i created a plan and set it up with same
> policies i setup directly into the service with cors and keycloak , the
> service that with the plan by passes keycloak and let me in even with
> the browser directly . but the service setup with policies directly
> inside it displays "OAuth2 'Authorization' header or
'access_token'
> query parameter must be provided." .. which is correct .
>
Attachments:
- attachment.html (text/html — 2.0 KB)