Re: [Apiman-user] Forwarding HTTP requests to service implementations secured by OAuth

Hi Ton, Just to clarify. From what I understand, you're trying to secure communications between the apiman gateway and back-end service using OAuth2/OpenID Connect? I.e. You are *not* OAuth2 simply between the client to the apiman gateway. Regards, Marc On 18/11/2015 14:34, Ton Swieb wrote: > Hi, > > I am using Apiman 1.1.8.Final and I want to use a backend service in > Apiman which is secured by OAuth. > So instead of securing the Apiman side of the service, using the > Keycloak OAuth plugin, Apiman needs forward calls to a service > implementation that is secured by OAuth. I have got an OAuth token with > a very long time to live (days/weeks/months) which I can use. > > Currently I only see the option to configure BASIC Authentication or > MTLS/Two-Way-SSL on the service implementation. > Would it be possible to add the HTTP Simple Header policy to the service > and set the Authorization header with "Bearer........." or will that be > stripped off by Apiman when forwarding the call to the backend service? > > Kind regards, > > Ton > > > _______________________________________________ > Apiman-user mailing list > Apiman-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > >