Currently the OpenAPI (Swagger) document published via ActiveDocs does not include a securityDefinitions section. For the exposed API to be used in Fuse Online as a Custom API client connector, that information needs to be present; otherwise no authentication will be provided to APIcast and access will be denied.
We need support for securityDefinitions for the following cases.
API Key authentication
I've noticed that by default HTTP parameters are used for API Key authentication and that the OpenAPI document in ActiveDocs declares the API Key parameter as one of the request parameters of an operation, whereas in Fuse Online we rely on securityDefinitions to distinguish between operation parameters, which are available in the integration editor and AtlasMap, and connection parameters, which are defined outside the integration.
Here are examples of API Key authentication securityDefinitions:
- API Key authentication provided in the user-key HTTP header:

  securityDefinitions:
    user-key:
      type: apiKey
      name: user-key
      in: header

- API Key authentication provided in the user_key query parameter:

  securityDefinitions:
    user-key:
      type: apiKey
      name: user_key
      in: query
OAuth authentication
In testing the OAuth token wasn't accepted by 3scale (I got HTTP/1.1 403 Forbidden with "Authentication failed" in the body); further testing is required to make sure the OAuth client in Fuse Online and 3scale OAuth authentication (configured with RH SSO 7.2) perform correctly.
In the securityDefinitions of the OpenAPI 2.0 document we need the following:

securityDefinitions:
  oauth2:
    type: oauth2
    flow: accessCode
    authorizationUrl: 'https://rhsso-hostname/auth/realms/master/protocol/openid-connect/auth'
    tokenUrl: 'https://rhsso-hostname/auth/realms/master/protocol/openid-connect/token'
    scopes: {...}
The URLs are to the best of my knowledge correct for the OAuth usage with RH SSO and 3scale.
By default Fuse Online will request all OAuth scopes listed in the security definition in the OAuth exchange.
HTTP Basic authentication
Not supported by 3scale to the best of my knowledge, but it is supported in Fuse Online. To specify that HTTP Basic authentication is used to protect the service, the following securityDefinitions can be provided:
securityDefinitions:
  username_password:
    type: "basic"
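An added worked example in Python, not code from 3scale, ActiveDocs or Fuse Online, covering the three cases above: it builds the apiKey, oauth2 and basic definitions, rewrites a document in which ActiveDocs declared the API key as an ordinary operation parameter so that the key lives in securityDefinitions with a top-level security requirement instead, collects the scopes a client that requests every listed scope (the default Fuse Online behaviour described above) would ask for, and checks a document for the problems a client connector would run into. The sample document, the host api.example.test and all function names are constructed for this example; the RH SSO endpoint paths are the ones quoted above.

```python
"""Build and check OpenAPI 2.0 securityDefinitions (added example, not project code)."""
import copy

# Constructed sample resembling ActiveDocs output: the API key is declared as a
# query parameter of the operation and there is no securityDefinitions section.
SAMPLE_DOC = {
    "swagger": "2.0",
    "info": {"title": "Example API", "version": "1.0"},
    "host": "api.example.test",  # placeholder host
    "paths": {
        "/hello": {
            "get": {
                "parameters": [
                    {"name": "user_key", "in": "query", "required": True, "type": "string"},
                    {"name": "name", "in": "query", "required": False, "type": "string"},
                ],
                "responses": {"200": {"description": "OK"}},
            }
        }
    },
}


def api_key_definition(param_name, location):
    """apiKey definition; OpenAPI 2.0 allows the key only in a header or a query parameter."""
    if location not in ("header", "query"):
        raise ValueError("apiKey location must be header or query, got %r" % location)
    return {"type": "apiKey", "name": param_name, "in": location}


def oauth2_definition(sso_base_url, scopes):
    """oauth2 accessCode definition pointing at the RH SSO 'master' realm endpoints."""
    oidc = sso_base_url.rstrip("/") + "/auth/realms/master/protocol/openid-connect"
    return {
        "type": "oauth2",
        "flow": "accessCode",
        "authorizationUrl": oidc + "/auth",
        "tokenUrl": oidc + "/token",
        "scopes": dict(scopes),
    }


def move_api_key_to_security_definitions(doc, param_name, location, scheme_name="user-key"):
    """Return (new_doc, removed_count): a copy of doc where `param_name` is no longer an
    operation parameter but a securityDefinitions entry required by every operation.
    This lets a client treat the key as a connection parameter, not an operation one."""
    out = copy.deepcopy(doc)
    removed = 0
    for path_item in out.get("paths", {}).values():
        for op in path_item.values():
            if not isinstance(op, dict) or "parameters" not in op:
                continue
            kept = [p for p in op["parameters"]
                    if not (p.get("name") == param_name and p.get("in") == location)]
            removed += len(op["parameters"]) - len(kept)
            op["parameters"] = kept
    out.setdefault("securityDefinitions", {})[scheme_name] = api_key_definition(param_name, location)
    out["security"] = [{scheme_name: []}]  # apiKey and basic requirements carry an empty scope list
    return out, removed


def requested_scopes(doc):
    """Union of the scopes of every oauth2 definition: what a client that asks for
    all listed scopes would request in the OAuth exchange."""
    scopes = set()
    for definition in doc.get("securityDefinitions", {}).values():
        if definition.get("type") == "oauth2":
            scopes.update(definition.get("scopes", {}))
    return sorted(scopes)


def check_security_definitions(doc):
    """Problems a client connector would hit: no section, an apiKey without name or
    with a disallowed location, an accessCode flow missing one of its URLs, an
    unknown scheme type, or a `security` requirement naming an undefined scheme."""
    defs = doc.get("securityDefinitions") or {}
    if not defs:
        return ["no securityDefinitions section: no authentication will be sent"]
    problems = []
    for name, d in defs.items():
        kind = d.get("type")
        if kind == "apiKey":
            if d.get("in") not in ("header", "query") or not d.get("name"):
                problems.append("%s: apiKey needs name and in=header|query" % name)
        elif kind == "oauth2":
            if d.get("flow") == "accessCode" and not (d.get("authorizationUrl") and d.get("tokenUrl")):
                problems.append("%s: accessCode flow needs authorizationUrl and tokenUrl" % name)
        elif kind != "basic":
            problems.append("%s: unknown type %r" % (name, kind))
    for requirement in doc.get("security", []):
        for name in requirement:
            if name not in defs:
                problems.append("security refers to undefined scheme %r" % name)
    return problems
```

Running `move_api_key_to_security_definitions(SAMPLE_DOC, "user_key", "query")` leaves only `name` as an operation parameter and yields the same user-key/query definition shown above; `check_security_definitions` on the original sample reports the missing section, which is exactly the condition that makes APIcast reject the unauthenticated request.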
Issue links:
- blocks: ENTESB-11338 Fuse Online clients to use 3scale managed API's (Closed)
- is related to: THREESCALE-2653 Fuse reverse discovery (Closed)