
I'm working with an older (v1.9) version of wso2 and we are trying to basically have an endpoint with optional authentication on it. If the security on the resource is set to None and a request comes in with a token (authenticated), it does not get sent to the backend. Is there some way to force wso2 v1.9 to do the authentication on such a route and forward the JWT to the backend if there is an Authorization header set?


1 Answer


In API Manager v1.9, the Auth header is removed from the message context by default and is not passed to the backend service [1].

There is a property called RemoveOAuthHeadersFromOutMessage where you can disable removing this header [2]. But this is a system-wide config and it affects all the APIs in the system. If you set this value to false, the Auth header is not dropped for any of the APIs. In that case, you can use a global sequence or custom sequence [3] to drop this auth header selectively.

Another workaround:

You can use a custom handler [4] and apply this handler before the API security handler. In this handler, you can copy the auth header value to a different header and then, using a custom sequence, copy the custom header value back to the auth header. In this case, you don't need to change the value for RemoveOAuthHeadersFromOutMessage. But in the handler, you have to perform this operation selectively.

[1] - https://github.com/wso2/carbon-apimgt/blob/1.2.5/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/security/oauth/OAuthAuthenticator.java#L96

[2] - https://docs.wso2.com/display/AM191/Working+with+Access+Tokens

[3] - https://docs.wso2.com/display/AM191/Adding+Mediation+Extensions

[4] - https://docs.wso2.com/display/AM191/Writing+Custom+Handlers
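One way to write the handler side of the second workaround, as an added example that is not from the answer above or from WSO2's own code: a Synapse handler for API Manager 1.9 that parks the Authorization header in a second header before the security handler runs, and only for the resources it is configured for. The package name, the `X-Forwarded-Authorization` header and the `pathPrefix` property are assumptions.

```java
package org.example.apimgt.handlers; // assumed package name

import java.util.Map;
import org.apache.axis2.context.MessageContext;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.rest.AbstractHandler;
import org.apache.synapse.rest.RESTConstants;

// Engaged before APIAuthenticationHandler in the API's Synapse config. It copies the
// Authorization header into a second header that the security handler leaves alone;
// a mediation sequence later copies that value back so the backend receives the JWT.
public class PreserveAuthHeaderHandler extends AbstractHandler {
    // Header name is an assumption; it must be one the backend never trusts on its own.
    public static final String PRESERVED_HEADER = "X-Forwarded-Authorization";
    // Injected from <property name="pathPrefix" value="/optional-auth"/> under the
    // <handler> element; only requests under this path are touched (selective).
    private String pathPrefix = "";
    public void setPathPrefix(String pathPrefix) {
        this.pathPrefix = pathPrefix;
    }

    @Override
    public boolean handleRequest(org.apache.synapse.MessageContext synCtx) {
        Object path = synCtx.getProperty(RESTConstants.REST_FULL_REQUEST_PATH);
        if (path == null || !path.toString().startsWith(pathPrefix)) {
            return true; // every other resource is left exactly as the gateway handles it
        }
        MessageContext axis2Ctx = ((Axis2MessageContext) synCtx).getAxis2MessageContext();
        Object headersObj = axis2Ctx.getProperty(MessageContext.TRANSPORT_HEADERS);
        if (headersObj instanceof Map) {
            @SuppressWarnings("unchecked")
            Map<String, String> headers = (Map<String, String>) headersObj;
            String auth = headers.get("Authorization");
            // Always overwrite or drop the preserved header so a value supplied by the
            // client in that header can never reach the backend unvalidated.
            if (auth != null && !auth.isEmpty()) {
                headers.put(PRESERVED_HEADER, auth);
            } else {
                headers.remove(PRESERVED_HEADER);
            }
        }
        return true; // never short-circuit: the security handler still decides on auth
    }

    @Override
    public boolean handleResponse(org.apache.synapse.MessageContext synCtx) {
        return true;
    }
}
```

Register it ahead of the built-in APIAuthenticationHandler in the API's Synapse XML, and in the mediation sequence restore the header with a property mediator such as `<property name="Authorization" scope="transport" expression="get-property('transport', 'X-Forwarded-Authorization')"/>` followed by a second property mediator with `action="remove"` for the parked header.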