英文:
WSO2 Api Manager passing user/password credentials to backend endpoint token generator
问题
我的后端微服务可以在成功的OAuth身份验证过程后访问,该过程会向客户端提供访问令牌和刷新令牌作为响应。在WSO2 Api Manager上,当定义一个新的REST API时,我通过使用OAUTH 2.0设置端点安全性并设置/保存令牌URL端点、客户端ID、客户端秘密、用户名和密码以及附加参数"scope"成功地访问了后端微服务端点。它运行正常!但是我需要从调用的API中动态传递用户名和密码到令牌端点生成器,可能是从注册到API的用户身份。否则,令牌将始终授予始终保存在端点配置数据中的相同用户凭据,无论是谁通过WSO2 Api Manager公开调用API。有什么线索吗?提前感谢!
英文:
My backend microservices can be accessed after successfull OAuth authentication process which provides in response to the client access token and refresh token. On WSO2 Api Manager, when defining a new REST API, I successfully reached a backend micro service endpoint by setting endpoint security with OAUTH 2.0 and setting/saving token URL endpoint, client-id, client-secret, username and password, plus additional parameter "scope". It works fine!
But I'd need to pass username and password dinamically to the token endpoint generator from the invoked API, possibly from the identity of the user registered to the API. Otherwise, tokens would be granted always to the same user credentials persistently saved within the endpoint configuration data, whoever is invoking the API exposed through WSO2 Api Manager. Any clue?
Thanks in advance
答案1
得分: 1
AFAIK with the default implementation, You can't really achieve this. But you can write a custom Extension like this and engage using a Mediation Extension.
Also on a different note, If you already have an IDP that takes care of token generation, why can't you just use the same token to Authenticate in both APIM layer and in the backend?
英文:
AFAIK with the default implementation, You can't really achieve this. But you can write a custom Extension like this and engage using a Mediation Extension.
Also on a different note, If you already have an IDP that takes care of token generation, why can't you just use the same token to Authenticate in both APIM layer and in the backend?
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论