Red Hat 3scale API Management
THREESCALE-3370

Provide OpenAPI 2.0 security definitions in ActiveDocs

Details

    • Enhancement
    • Resolution: Obsolete
    • Major
    • None
    • 2.2 CR2
    • System
    • Not Started

    Description

      Currently the OpenAPI (Swagger) document published via ActiveDocs does not include a securityDefinitions section. For the exposed API to be used in Fuse Online as a Custom API client connector, that information needs to be present; otherwise no authentication will be provided to APIcast and access will be denied.

      We need support for securityDefinitions in the following cases.

      API Key authentication

      I've noticed that by default HTTP parameters are used for API Key authentication and that the OpenAPI document in ActiveDocs declares the API Key parameter as one of the request parameters of an operation. Whereas in Fuse Online we rely on securityDefinitions to distinguish between operation parameters, which are available in the integration editor and the Atlasmap, and connection parameters, which are defined outside the integration.

      Here are examples of API Key authentication securityDefinitions:

      1. API Key authentication provided in user-key HTTP header:
        securityDefinitions:
          user-key:
            type: apiKey
            name: user-key
            in: header
        
      2. API Key authentication provided in user_key query parameter:
        securityDefinitions:
          user-key:
            type: apiKey
            name: user_key
            in: query
        

      OAuth authentication

      In testing, the OAuth token wasn't accepted by 3scale (I got HTTP/1.1 403 Forbidden with "Authentication failed" in the body); further testing is required to make sure the OAuth client in Fuse Online and 3scale OAuth authentication (configured with RH SSO 7.2) perform correctly.

      In the securityDefinitions of the OpenAPI 2.0 document we need the following:

      securityDefinitions:
        oauth2:
          type: oauth2
          flow: accessCode
          authorizationUrl: 'https://rhsso-hostname/auth/realms/master/protocol/openid-connect/auth'
          tokenUrl: 'https://rhsso-hostname/auth/realms/master/protocol/openid-connect/token'
          scopes: {...}
      

      The URLs are to the best of my knowledge correct for the OAuth usage with RH SSO and 3scale.

      By default Fuse Online will request all OAuth scopes listed in the security definition in the OAuth exchange.

      HTTP Basic authentication

      Not supported by 3scale to the best of my knowledge, but it is supported in Fuse Online. To specify that HTTP Basic authentication is used to protect the service, the following securityDefinitions can be provided:

      securityDefinitions:
        username_password:
          type: "basic"
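      The following is an added example, not code from 3scale, ActiveDocs or Fuse Online. It covers the API Key and OAuth cases above: it builds the securityDefinitions entries shown in the issue, registers a global security requirement (listing every oauth2 scope, since Fuse Online requests all listed scopes), and removes an API-key operation parameter that duplicates the credential, which is what lets a Custom API client connector treat the key as a connection parameter rather than an operation parameter. The sample Swagger document, its hostname and paths, and the rhsso_base placeholder are constructed for the example; the RH SSO endpoint layout is the one quoted in the issue.

```python
"""Add OpenAPI 2.0 securityDefinitions to an ActiveDocs-style Swagger document.

Added example, not 3scale or Fuse Online code. Covers apiKey (header or query)
and oauth2 accessCode definitions, applies a global security requirement, and
strips an apiKey credential out of per-operation parameters.
"""
import copy
import json

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

# Constructed sample: an export that carries the key as a plain operation
# parameter (hostname and paths are made up for this example).
SAMPLE_SWAGGER = {
    "swagger": "2.0",
    "info": {"title": "Echo API", "version": "1.0"},
    "host": "echo-api.example.test",
    "paths": {
        "/hello": {
            "get": {
                "parameters": [
                    {"name": "user_key", "in": "query", "type": "string", "required": True},
                    {"name": "greeting", "in": "query", "type": "string"},
                ],
                "responses": {"200": {"description": "ok"}},
            }
        }
    },
}


def api_key_definition(location, name):
    """securityDefinitions entry for an apiKey sent in 'header' or 'query'."""
    if location not in ("header", "query"):
        raise ValueError("apiKey location must be 'header' or 'query'")
    return {"type": "apiKey", "name": name, "in": location}


def oauth2_access_code_definition(rhsso_base, realm="master", scopes=None):
    """oauth2 accessCode entry using the RH SSO endpoint layout from the issue.
    rhsso_base is an assumed placeholder such as 'https://rhsso-hostname'."""
    base = f"{rhsso_base.rstrip('/')}/auth/realms/{realm}/protocol/openid-connect"
    return {
        "type": "oauth2",
        "flow": "accessCode",
        "authorizationUrl": f"{base}/auth",
        "tokenUrl": f"{base}/token",
        "scopes": dict(scopes or {}),
    }


def add_security(doc, scheme_name, definition):
    """Return a copy of doc with the definition registered and required
    globally; for apiKey, the matching operation parameter is removed."""
    out = copy.deepcopy(doc)
    out.setdefault("securityDefinitions", {})[scheme_name] = definition
    # A requirement lists scopes only for oauth2; apiKey uses an empty list.
    scopes = list(definition.get("scopes", {})) if definition["type"] == "oauth2" else []
    out["security"] = [{scheme_name: scopes}]
    if definition["type"] == "apiKey":
        for path_item in out.get("paths", {}).values():
            for method, op in path_item.items():
                if method not in HTTP_METHODS:
                    continue
                op["parameters"] = [
                    p for p in op.get("parameters", [])
                    if not (p.get("name") == definition["name"] and p.get("in") == definition["in"])
                ]
    return out


def unsecured_operations(doc):
    """List 'METHOD /path' for operations with no effective security
    requirement. An operation-level 'security' key overrides the global one,
    so an explicit empty list there still counts as unsecured."""
    global_sec = doc.get("security") or []
    missing = []
    for path, path_item in doc.get("paths", {}).items():
        for method, op in path_item.items():
            if method not in HTTP_METHODS:
                continue
            effective = op["security"] if "security" in op else global_sec
            if not effective:
                missing.append(f"{method.upper()} {path}")
    return missing


if __name__ == "__main__":
    secured = add_security(SAMPLE_SWAGGER, "user-key", api_key_definition("query", "user_key"))
    print(json.dumps(secured["securityDefinitions"], indent=2))
    print("unsecured before:", unsecured_operations(SAMPLE_SWAGGER))
    print("unsecured after:", unsecured_operations(secured))
```

      Running the block on the constructed document reports GET /hello as unsecured before the change and nothing afterwards, and leaves only the greeting parameter on the operation, with user_key declared once under securityDefinitions.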
      

      People

        Assignee: Unassigned
        Reporter: zregvart@redhat.com Zoran Regvart
        Votes: 0
        Watchers: 2