2
votes

Both the WSO2 API Manager and its backend API server (on Azure) are using OAuth2.

They all use the same header, as follows:

WSO2 API manager

Authorization: Bearer 72135e9f1dc96201949351261284dc7

API server

Authorization: Bearer MfGb9pnTEGVWmDyjlfSZjlxhc8pFtef

I use a REST client to do the test. I find that I can pass the WSO2 API Manager OAuth2, but cannot pass the API server OAuth2.

The message is: "Authorization has been denied for this request.", returned by the API server.

How can I solve this issue by reconfiguring WSO2 API Manager?

Thanks a lot.

3

3 Answers

3
votes

What happens when a request comes to the WSO2 API Manager with an authorization header is that it will read the token, validate it against the key manager, and drop that token before calling the back-end API server. If you want to add another authorization header to the back-end API server, you can define a mediation extension [1] in sequence in the API and add the authorization token through a header mediator.

<header name="Authorization" scope="transport" value="Bearer MfGb9pnTEGVWmDyjlfSZjlxhc8pFtef"/>

[1] https://docs.wso2.com/display/AM190/Adding+Mediation+Extensions

1
votes

This is exactly what you want:

https://docs.wso2.com/display/AM190/Pass+a+Custom+Authorization+Token+to+the+Backend

You make your second authorization header "Custom". Then, after WSO2 has processed your request, it is changed back to the "Authorization" header via the mediation mentioned above.

I have implemented it in several projects and it worked perfectly.

Hope this helps.
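
The header swap described in the answer above, written out as a Synapse in-flow mediation sequence. This is an added example, not part of the answer and not WSO2's own code; the sequence name `BackendTokenSwap` and the client-side header name `Custom` are assumptions.

```xml
<!-- Added example. Assumed: the client sends two headers,
       Authorization: Bearer <gateway token>   (validated and dropped by API Manager)
       Custom:        Bearer <backend token>   (intended for the Azure API)
     The sequence name is hypothetical; attach it as the API's in-flow
     mediation extension. -->
<sequence xmlns="http://ws.apache.org/ns/synapse" name="BackendTokenSwap">

    <!-- Copy the backend token from the Custom transport header into the
         Authorization transport header that the backend will receive. -->
    <property name="Authorization"
              expression="get-property('transport', 'Custom')"
              scope="transport"/>

    <!-- Remove the Custom header so the backend credential is forwarded
         under one header name only. -->
    <property name="Custom" scope="transport" action="remove"/>

</sequence>
```

Because the backend token is supplied per request by the client, no credential has to be stored in the gateway configuration.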

0
votes

You might want to try routing your WSO2 API through an API on the ESB, and add the new OAuth2 header (for the Azure API) inside a new message (for instance, inside a Header mediator), then send it through to your back-end API.

You cannot re-use the same OAuth token.