堆栈内存溢出
  简体   繁体   English

需要访问令牌以进行授权,并且访问令牌与具有基本身份验证的另一项服务一起提供。 WSO2有这个功能吗?

[英]need access token to authorization and access token is provided with another service with Basic Auth. Does WSO2 have this feature?

 原文  2022-08-22 15:03:19       wso2/ wso2-esb/ access-token/ basic-authentication/ wso2-api-manager

问题描述

I need this feature in WSO2 Publisher or Devportal: I have one api that need dynamic access token and Also I have another api with static Basic Authentication to provide that dynamic Access Token. I need this feature in WSO2 Publisher or Devportal: I have one api that need dynamic access token and Also I have another api with static Basic Authentication to provide that dynamic Access Token. Unfortunately I could not solve this with mediation.不幸的是,我无法通过调解解决这个问题。 The policy is simple But I don't know whether WSO2 has this simple feature or not?策略很简单但是不知道WSO2有没有这个简单的功能?

process: token api with basic Auth ==> provide dynamic access token ==> use access token in main api body and send.过程:令牌 api 与基本身份验证 ==> 提供动态访问令牌 ==> 在主 api 正文中使用访问令牌并发送。 Main API is our Endpoint in WSO2 API.主要的 API 是我们在 WSO2 API 中的端点。 I could not solve this with Endpoint Security(Oauth2) and mediation(XML).我无法使用 Endpoint Security(Oauth2)和中介(XML)解决这个问题。 Version of WSO2-AM is 4.1.0 and this version is latest now. WSO2-AM 的版本是 4.1.0,这个版本是最新的。 在此处输入图像描述

1 个解决方案

解决方案1
 0  2022-08-25 21:36:22

Have you thought about using a vault, such as Hashicorp Vault, to fetch the the basic auth credentials.您是否考虑过使用诸如 Hashicorp Vault 之类的保险库来获取基本身份验证凭据。

From there use a custom sequence [2] that gets the token (step 1 in your diagram) and then get the token check results you need (step 2).从那里使用自定义序列 [2] 获取令牌(图中的步骤 1),然后获取您需要的令牌检查结果(步骤 2)。

[1] https://apim.docs.wso2.com/en/latest/install-and-setup/setup/mi-setup/security/using-hashicorp-secrets/ [1] https://apim.docs.wso2.com/en/latest/install-and-setup/setup/mi-setup/security/using-hashicorp-secrets/

[2] https://apim.docs.wso2.com/en/latest/reference/mediators/sequence-mediator/ [2] https://apim.docs.wso2.com/en/latest/reference/mediators/sequence-mediator/

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 wso2 访问令牌验证 API 来自 POSTMAN 的调用失败 - wso2 access token validation API call from POSTMAN fails 在 WSO2 API-Manager 中创建一个新的访问令牌而不撤销前一个访问令牌 - Creating a new access token without revoking the previous one in WSO2 API-Manager 访问令牌没有 openid scope - Access token does not have the openid scope Javascript 应用程序无法从 WSO2 网关生成访问令牌 URL - Javascript application is unable to generate access token from WSO2 gateway URL 为什么未订阅的应用程序令牌可以用于访问 WSO2 APIM 端点? - Why unsubscribed Application token can be used to access WSO2 APIM endpoint? 具有 Azure AD SAML 集成的 Cognito 授权返回 id_token 和 access_token 但没有刷新令牌 - Cognito Authorization with Azure AD SAML integration returns id_token and access_token but no refresh token 当前访问令牌已过期时,我如何获取新的访问令牌,谷歌 firebase 身份验证? - How i get new access token when current access token has expired, google firebase auth? 无法访问wso2升级文档 - Cannot access wso2 upgrade document GCP SQL 代理无法生成访问令牌; IAM 返回 403 Forbidden:调用者没有权限 - GCP SQL proxy Unable to generate access token; IAM returned 403 Forbidden: The caller does not have permission 在 WSO2 APIM 4.0.0 令牌 API 响应中包含 CORS 标头 - Include CORS Headers in WSO2 APIM 4.0.0 Token API Response
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM