Basic authentication is a simple HTTP authentication scheme in which the request carries an Authorization header of the form "Basic <credentials>", where <credentials> is the username and password joined by a colon and base64-encoded. Base64 is an encoding, not encryption: anyone who can read the request can recover the password, so Basic Authentication must only be used over HTTPS. The WSO2 API Microgateway is able to authenticate requests using the Basic and OAuth2 authentication schemes, at API level or resource level. In addition to using these schemes individually, it is also possible to use the OAuth2 and Basic schemes at the same time.
The following sections explain how to work with Basic Authentication on the WSO2 API Microgateway.
Enabling Basic Authentication
Configuring the WSO2 API Microgateway for Basic Authentication
Add the username and password to the WSO2 API Microgateway configuration file. Navigate to the <MGW_HOME>/conf folder and open the micro-gw.conf file. Under the ["b7a.users"] section add the username and password as follows. These entries are used to validate the username and password carried by incoming requests.
The password needs to be converted to its SHA1 hash, written as uppercase hexadecimal, before it is added to the micro-gw.conf file; the password itself is never stored. A SHA1 hash generator can be used to produce the uppercase value. Make sure the tool hashes exactly the password bytes (a trailing newline appended by a shell echo changes the digest) and prefer a local tool over a third-party web page, since the password would otherwise be sent to that site. Note that the stored value is an unsalted SHA1 digest, so it offers little protection if the configuration file leaks: choose strong, unique passwords and restrict read access to micro-gw.conf.
["b7a.users.<username>"]
password="<SHA1(password)>"

For example, for the user shani:

["b7a.users.shani"]
password="083C86287C6B92AAFE06B11D71AD2BB770942FC7"
Defining security schemes
Security schemes must be defined in the OpenAPI definition under components/securitySchemes. One or more schemes can be defined at the same time. Each defined security scheme needs a name; this name is used to refer to the scheme at API level or resource level. By default the WSO2 API Microgateway uses the OAuth2 security scheme.
Below is a security scheme defined with the name "mybasic". This name can be any arbitrary name and is used to identify the defined security scheme. For Basic Authentication the scheme must be defined with type: http and scheme: basic.

components:
  securitySchemes:
    mybasic:
      type: http
      scheme: basic
    OAuth2:
      type: oauth2
      flows:
        authorizationCode:
          authorizationUrl: https://example.com/oauth/authorize
          tokenUrl: https://example.com/oauth/token
          scopes:
            read: Grants read access
            write: Grants write access
            admin: Grants access to admin operations
Applying the basic authentication security scheme
A security scheme can be applied to a single resource or to the whole API by using the security section at the corresponding level. A resource level security section overrides the API level one. Following is an example of how to apply a security scheme to a resource: the "mybasic" scheme defined above is referenced from the resource "/pet/{petId}" through its security section. The square brackets denote the scopes required; the list is empty here because the Basic Authentication scheme does not use scopes for authorization. Note that in OpenAPI each entry in the security list is an alternative, so listing both mybasic and OAuth2 as separate entries allows a request to satisfy either one. For more information see the Swagger docs on Basic Authentication.

"/pet/{petId}":
  get:
    tags:
      - pet
    summary: Find pet by ID
    description: Returns a single pet
    operationId: getPetById
    parameters:
      - name: petId
        in: path
        description: ID of pet to return
        required: true
        schema:
          type: integer
          format: int64
    security:
      - mybasic: []
Invoking an API using Basic Authentication
Use the cURL command below to invoke the API via the microgateway. The Authorization header value is the word Basic followed by the base64 encoding of username:password.

curl -k -X GET "<API_URL>" -H "accept: application/json" -H "Authorization: Basic base64(username:password)"

For example, for the user shani with password shani123 (c2hhbmk6c2hhbmkxMjM= is base64 of shani:shani123):

curl -k -X GET "https://localhost:9095/petstore/v1/pet/3" -H "accept: application/json" -H "Authorization: Basic c2hhbmk6c2hhbmkxMjM="

The -k flag disables TLS certificate verification and is only appropriate for a local test setup with a self-signed certificate. Since the header carries the password, always invoke the API over HTTPS with a verified certificate in any real deployment.
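The following Python script is an added example, not part of the original page or of the WSO2 API Microgateway code. It ties together the two procedures above: producing the ["b7a.users.<username>"] entry for micro-gw.conf (uppercase SHA1 of the password, as required by the configuration section), building the Authorization header that the cURL command sends, and a simulation of the gateway-side check that decodes the header and compares the SHA1 digest against the stored value. The user shani with password shani123 is taken from the page's examples; the names of the functions and the behaviour of validate_basic (splitting on the first colon, constant-time comparison, rejecting malformed headers) are this example's own choices and not a description of the microgateway's internals.

```python
import base64
import hashlib
import hmac

# Constructed sample credentials, matching the page's examples:
# base64("shani:shani123") == "c2hhbmk6c2hhbmkxMjM=".
SAMPLE_USERNAME = "shani"
SAMPLE_PASSWORD = "shani123"


def sha1_upper(password: str) -> str:
    """Uppercase hex SHA1 digest, the form micro-gw.conf expects (unsalted)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def conf_entry(username: str, password: str) -> str:
    """Render the ["b7a.users.<username>"] block for micro-gw.conf."""
    return f'["b7a.users.{username}"]\npassword="{sha1_upper(password)}"'


def basic_header(username: str, password: str) -> str:
    """Build the Authorization header value: 'Basic ' + base64(user:pass)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def validate_basic(header: str, users: dict) -> bool:
    """Simulated gateway-side check (hypothetical, not the microgateway's code).

    Decodes the header, splits on the FIRST colon (RFC 7617 allows colons in
    the password but not in the user name), hashes the presented password and
    compares it with the stored digest in constant time. Any malformed header
    (wrong scheme, invalid base64, no colon, empty user) is rejected.
    """
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return False
    try:
        creds = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # binascii.Error and UnicodeDecodeError both subclass ValueError
        return False
    username, sep, password = creds.partition(":")
    if not sep or not username:
        return False
    stored = users.get(username)
    if stored is None:
        return False
    return hmac.compare_digest(sha1_upper(password), stored)


if __name__ == "__main__":
    users = {SAMPLE_USERNAME: sha1_upper(SAMPLE_PASSWORD)}
    print(conf_entry(SAMPLE_USERNAME, SAMPLE_PASSWORD))
    hdr = basic_header(SAMPLE_USERNAME, SAMPLE_PASSWORD)
    print(f'curl -k -X GET "https://localhost:9095/petstore/v1/pet/3" '
          f'-H "accept: application/json" -H "Authorization: {hdr}"')
    print(validate_basic(hdr, users))                                # True
    print(validate_basic(basic_header("shani", "wrong"), users))     # False
    print(validate_basic("Basic c2hhbmk=", users))                   # False: no colon
```

Running the script prints the configuration block to paste into micro-gw.conf and the exact cURL command for the same user, so the two values can be checked against each other before the gateway is restarted. The constant-time comparison and the rejection of headers without a colon are the two details most often got wrong in home-grown Basic Authentication validators.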