Logic Apps Custom Connector未将授权标头传递给API Management端点 [英] Logic Apps Custom Connector not passing Authorization Header to API Management endpoints

问题描述

您好，

我正在努力解决与Azure Logic Apps自定义连接器的安全性相关的问题。我们有一个Auth0身份管理解决方案，我已经设置了我的自定义连接器以使用通用的oauth2安全模板。我的API定义还包括应用于所有路径的
对应安全架构。 

I am struggling with an issue related to security of an Azure Logic Apps custom connector. We have an Auth0 identity management solution and I have setup my custom connector to use the generic oauth2 security template. My API definition also includes the corresponding security schema applied to all paths. 

使用相同的open api规范我可以将规范导入Postman，添加Authorization标头{承载{有效承载令牌}}并且这些请求都是成功的。

Using the same open api spec I can import the spec into Postman, add the Authorization header {Bearer {valid bearer token}} and these requests are successful.

我通过自定义连接器执行相同的操作时获得401，我尝试了几件事，所有这些都导致了获得401未授权的相同结果。我可以确认工作流程，特别是自定义连接器组件
是从我们的auth0身份管理服务器获取访问令牌，但是看起来好像这些没有应用于对API管理资源的请求。 

I am getting a 401 when performing the same exact operations via the custom connector, I have tried several things and all have led to the same result of getting 401 unauthorized. I can confirm that the workflow and specifically the custom connector component is getting access tokens from our auth0 identity management server however it appears as though these are not being applied to the requests being made to the API management resource. 

提前感谢您的任何帮助/支持。

Thanks in advance for any help/support.

推荐答案

如果我使用通用OAuth2进行安全保护，它会将Authorization标头传递给相应的端点吗？

If I use Generic OAuth2 for Security, will it pass the Authorization header to the appropriate endpoints?

我们验证了连接器是从我们的auth服务器获取访问令牌，但它没有将令牌传递给我们的端点。

We verified the connector is getting an access token from our auth server, but it's not passing the token to our endpoints.

根据我在这篇博客中的内容，这将是任何这些auth类型的预期行为。

Based on what I'm reading in this blog, that would be the expected behavior for any of these auth types.

https：//www.serverless360 .com / blog / custom-connectors-in-azure-logic-apps

https://www.serverless360.com/blog/custom-connectors-in-azure-logic-apps

具体来说：" 我们需要解决的下一个标签是  安全性 。
这是我们的Open API规范文件中包含的信息。在我们的例子中，Fantasy Data API依赖于   API密钥  到
身份验证。当您在他们的网站上创建一个帐户时，他们会为您提供两个API密钥。他们使用此密钥对您进行身份验证，但也可以跟踪您的使用情况。这些参数存在于我们的Open API规范文件中，我们无需对
进行任何更改 r参数标签，参数名称或参数位置。  在幕后，Logic Apps
将使用此信息组合一个标题，该标题将以预期的方式传递给Fantasy Data API。"

Specifically: "The next tab we need to address is Security. Once again this is information that will be included in our Open API spec file. In our case, the Fantasy Data API depends upon an API Key to authenticate. When you create an account on their site, they provide you with two API keys. They use this key to authenticate you, but also to track your usage. Since all of these parameters are there in our Open API spec file, we do not need to make any changes to our Parameter label, Parameter name or Parameter location. Under the hood, Logic Apps will use this information to assemble a header that will be passed to the Fantasy Data API in a manner that it expects."

这篇关于Logic Apps Custom Connector未将授权标头传递给API Management端点的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！