Reputation: 769
Prevent WSO2 AM of dropping authorization token from request
As per documentation
When you send an API request to the backend, you pass a token in the Authorization header of the request. The API Gateway uses this token to authorize access, and then drops it from the outgoing message. link
I want to pass this token to the backend for every published API. What is the correct place to configure such behavior?
Upvotes: 4
Views: 759
Answers (3)
Reputation: 144
simple solution: use swagger instead of openapi in API Definition.
Upvotes: 0
Reputation: 960
From API Manager version 3.0.0 onwards configuration model has been changed. So any changes done in api-manager.xml get reverted after the server restart.
Now we need to change <API-M_HOME>/repository/conf/deployment.toml
Uncomment and set the following lines:
[apim.oauth_config]
enable_outbound_auth_header = true
enable_outbound_auth_headerstring Default: FALSE If TRUE, sends Auth header to the backend as received from the client.
Upvotes: 4
Reputation: 12502
Uncomment below configuration in repository/conf/api-manager.xml and set false.
<RemoveOAuthHeadersFromOutMessage>true</RemoveOAuthHeadersFromOutMessage>
Upvotes: 4
Related Questions
- WSO2 AM access token expires after one access time
- WSO2 API Manager 3.2 disable the access-token
- WSO2 API Manager authorization issue when logging in
- wso2-am 2.1.0 jwt token expiration
- Requesting Access Token from WSO2 API Manager via Token API
- JWT handling with WSO2-AM
- wso2 calling API's without token
- WSO2 API Manager, is it possible to disable the access-token mechanism
- WSO2 Api Manager 1.7 : Unable to regenerate access token
- WSO2 API Manager - Tokens become inactive