Red Hat 3scale API Management
THREESCALE-1080

In OIDC mode the authorization mechanism is not working properly


Details

    • Bug
    • Resolution: Done
    • Major
    • 2.2.1
    • 2.2 GA, SaaS
    • Gateway

    Description

      When using OpenID Connect mode, authorization does not work as expected: only every second call is reported to backend.

      This happens because of the following:
      1) When the request is not cached in APIcast, the JWT is parsed and the app_id is extracted from it and used in the oauth_authrep.xml call. The whole JWT is then stored in the internal APIcast cache.
      2) On subsequent calls there is a cache hit, and the stored access_token=<JWT> is used for the oauth_authrep.xml call in post_action. Because the access token is not stored in backend in this mode, the call fails, the cache entry is removed from APIcast, and the next call starts again from 1).
      This is not correct. The expected behavior is for APIcast to extract the app_id from the cached JWT and use it in the oauth_authrep.xml call instead of the access_token.
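      The two-step cycle above, reduced to a simulation so the "every second call" symptom can be reproduced offline. This is an added example, not APIcast or 3scale backend code: the gateway, backend and cache are toy stand-ins, the tokens are constructed unsigned JWTs, and the choice of the `azp` claim as the source of app_id is an assumption for the example. Backend here accepts only credentials it knows, app_ids, which is what the description states for OIDC mode.

```python
import base64
import json


def make_jwt(claims):
    """Build a constructed, unsigned JWT (alg=none) for the simulation."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


def decode_jwt_payload(token):
    """Return the JWT claims; signature verification is out of scope here."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


class Backend:
    """Stand-in for the 3scale backend oauth_authrep.xml endpoint in OIDC mode.

    In this mode backend knows application ids (client ids) but has no record
    of the access tokens, so a report keyed by access_token cannot succeed.
    """

    def __init__(self, known_app_ids):
        self.known_app_ids = set(known_app_ids)
        self.reported = 0  # number of successfully reported calls

    def oauth_authrep(self, credentials):
        app_id = credentials.get("app_id")
        if app_id in self.known_app_ids:
            self.reported += 1
            return True
        return False  # unknown app_id, or an access_token backend never stored


class Gateway:
    """Stand-in for the APIcast credential cache and its post_action report."""

    def __init__(self, backend, fixed):
        self.backend = backend
        self.fixed = fixed
        self.cache = {}  # raw JWT -> cached JWT (the whole token is stored)

    def handle(self, jwt):
        """Process one request; return whether backend accepted the report."""
        if jwt not in self.cache:
            # 1) cache miss: parse the token, authrep with app_id, cache the JWT
            app_id = decode_jwt_payload(jwt)["azp"]  # assumption: azp carries the client id
            ok = self.backend.oauth_authrep({"app_id": app_id})
            if ok:
                self.cache[jwt] = jwt
            return ok
        # 2) cache hit: report from the cached entry in post_action
        cached = self.cache[jwt]
        if self.fixed:
            creds = {"app_id": decode_jwt_payload(cached)["azp"]}  # expected behaviour
        else:
            creds = {"access_token": cached}  # the bug: backend has no such token
        ok = self.backend.oauth_authrep(creds)
        if not ok:
            del self.cache[jwt]  # a failed authrep evicts the entry, so the next call misses
        return ok


def simulate(fixed, calls=4):
    """Run `calls` requests with one token; return per-call outcomes and the report count."""
    backend = Backend({"my-client"})
    gateway = Gateway(backend, fixed=fixed)
    token = make_jwt({"iss": "https://idp.example", "sub": "user-1", "azp": "my-client"})
    outcomes = [gateway.handle(token) for _ in range(calls)]
    return outcomes, backend.reported


if __name__ == "__main__":
    print("buggy:", simulate(fixed=False))  # alternating success/failure, 2 of 4 reported
    print("fixed:", simulate(fixed=True))   # every call reported
```

      With `fixed=False` the simulation alternates between a cache miss that reports correctly and a cache hit that fails and evicts the entry, so exactly half of the calls reach backend; with `fixed=True` the cached JWT is decoded again and every call is reported.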


          People

            Unassigned
            rhn-support-dmayorov Daria Mayorova
            Peter Stanko (Inactive)
            Votes: 0
            Watchers: 5
