1
votes

I am using wso2am-2.6.0 version and I would like to pass an existing bearer token which is different than the wso2 oauth token which wso2 is providing.

I followed the instructions given in this link:

  • Configure the header per API
  • Configuring the header for the entire organization

None of them solved my problem.

Providing the existing bearer token, after following the steps mentioned in the above link, the below is the response I am getting:

{
  "fault": {
    "code": 900901,
    "message": "Invalid Credentials",
    "description": "Access failure for API: /embargoQA/v1, version: v1 status: (900901) - Invalid Credentials. Make sure you have given the correct access token"
  }
}

Any help would be appreciated.

2
Can you please explain further with an example? - Bee
Simple: I published an existing REST API on API Publisher and on the manage tab configurations added an Authorization Header, as Token, as explained in the wso2 documentation, and went to the API store, to the respective API and to the management console, and provided my existing bearer token and the query parameter with the tenant Id and clicked on execute. And I am getting the above mentioned response as Invalid credentials. Please let me know if I have to provide any additional information on the same. - Kalyan Prasad
Please attach the API's synapse file in repository/deployment/server/synapse-configs/default/api. - Bee
Hi Bee, Please let me know if you need more details on it. - Kalyan Prasad

2 Answers

0
votes

It seems the API is not updated with the new header for some reason. If it was updated properly you should see it like this under the CORS handler.

  <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler">
     <property name="apiImplementationType" value="ENDPOINT"/>
     <property name="AuthorizationHeader" value="Token"/>
  </handler>

0
votes

This issue is solved by doing a couple of changes:

One on the api-manager.xml, un-commenting the RemoveOAuthHeadersFromOutMessage tag and making it "false" under OAuthConfigurations as shown below,

<OAuthConfigurations>
        <!-- Remove OAuth headers from outgoing message. -->
        <RemoveOAuthHeadersFromOutMessage>false</RemoveOAuthHeadersFromOutMessage>
        <!-- .......... -->
</OAuthConfigurations>

Second is on the manage tab while publishing the API: under the Resource section for the respective endpoint you have to select the "None" option instead of selecting "Application/Application User".

With this solution we need not add Authorization Header, as Token, on the manage tab while publishing the API. After doing these changes, while trying it out on the API Store you can provide your Bearer token in the field meant for it, provide the required inputs and click execute; it should work.
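
A quick check of the two settings discussed in the answers above, as an added example that is not part of the original answers or WSO2's own code: it reads RemoveOAuthHeadersFromOutMessage from api-manager.xml and the AuthorizationHeader property of the CORS handler from the API's synapse file. The XML samples and function names are constructed for illustration, and treating a missing or commented-out RemoveOAuthHeadersFromOutMessage as "true" is an assumption about the product default.

```python
import xml.etree.ElementTree as ET

CORS_HANDLER = "org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler"

# Constructed sample inputs, trimmed to the elements discussed on this page.
API_MANAGER_DEFAULT = """<APIManager><OAuthConfigurations>
  <!-- <RemoveOAuthHeadersFromOutMessage>true</RemoveOAuthHeadersFromOutMessage> -->
</OAuthConfigurations></APIManager>"""
API_MANAGER_FIXED = """<APIManager><OAuthConfigurations>
  <RemoveOAuthHeadersFromOutMessage>false</RemoveOAuthHeadersFromOutMessage>
</OAuthConfigurations></APIManager>"""
SYNAPSE_API = """<api xmlns="http://ws.apache.org/ns/synapse" name="sample" context="/sample/v1">
  <handlers><handler class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler">
    <property name="apiImplementationType" value="ENDPOINT"/>
    <property name="AuthorizationHeader" value="Token"/>
  </handler></handlers></api>"""

def local(tag):
    """Strip an XML namespace so lookups work with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def forwards_auth_header(api_manager_xml, default_remove=True):
    """True when the gateway leaves the Authorization header on the backend request."""
    # Assumption: an absent or commented-out element behaves like "true" (header removed).
    for el in ET.fromstring(api_manager_xml).iter():
        if local(el.tag) == "RemoveOAuthHeadersFromOutMessage":
            return (el.text or "").strip().lower() == "false"
    return not default_remove

def custom_auth_header(synapse_api_xml):
    """Return the AuthorizationHeader value set on the CORS handler, or None if unset."""
    for handler in ET.fromstring(synapse_api_xml).iter():
        if local(handler.tag) == "handler" and handler.get("class") == CORS_HANDLER:
            for prop in handler:
                if prop.get("name") == "AuthorizationHeader":
                    return prop.get("value")
    return None

def audit(api_manager_xml, synapse_api_xml):
    """Summarise which header carries the gateway token and what reaches the backend."""
    return {
        "backend_receives_authorization": forwards_auth_header(api_manager_xml),
        "gateway_token_header": custom_auth_header(synapse_api_xml) or "Authorization",
    }

if __name__ == "__main__":
    print(audit(API_MANAGER_FIXED, SYNAPSE_API))
```

With the resource set to "None" the gateway does not validate the token, so the forwarded bearer token has to be validated by the backend.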