使用 WSO2 API 管理器的 URL 请求中的授权承载 [英] Authorization Bearer in URL Request using WSO2 API Manager

问题描述

有没有办法将授权承载放在 URL 请求中?访问我的 API 的 curl 命令是这样的:

Is there a way to put the authorization bearer in the URL request? The curl command to access my API is this:

curl -X GET --header 'Accept: application/xml' --header '授权:承载 ebcd41ac-3466-3262-8c8e-3c73c987dbde' 'https://gateway.api.cloud.wso2.com:443/t/jab7180/prod/1.0.0/inquire/promos/IBM'

curl -X GET --header 'Accept: application/xml' --header 'Authorization: Bearer ebcd41ac-3466-3262-8c8e-3c73c987dbde' 'https://gateway.api.cloud.wso2.com:443/t/jab7180/prod/1.0.0/inquire/promos/IBM'

但是如果我在浏览器中使用 https://gateway.api.cloud.wso2.com:443/t/jab7180/prod/1.0.0/inquire/promos/IBM，我收到此错误消息:

But if I use the request URL in my browser using https://gateway.api.cloud.wso2.com:443/t/jab7180/prod/1.0.0/inquire/promos/IBM, I am getting this error message:

Code = 900902
Message: Missing credentials
Description: Required OAuth credentials not provided. Make sure your API invocation call has a header: "Authorization: Bearer ACCESS_TOKEN"

我希望你能帮我解决这个问题，因为我只想通过浏览器而不是 curl 命令访问我的 API.谢谢.

I hope you can help me with this because I want to access my API just by the browser and not by curl command. Thanks.

推荐答案

API 管理器使用 org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler 使用 OAuth 验证对网关的请求身份验证令牌.要更改此行为，您有三个选项:

API Manager uses org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler to authenticate requests to the gateway using OAuth authentication tokens. To change this behavior, you have three options:

1. 从网关上的 API 定义中删除身份验证处理程序(或从速度模板中删除，以应用于所有 API 发布).
2. 创建您自己的身份验证处理程序并替换 API 定义和/或速度模板中的默认身份验证处理程序.请参阅:https://docs.wso2.com/display/AM200/Writing+自定义+处理程序
3. 创建一个接受授权查询字符串参数的新处理程序，并将该值添加到传入请求的标头中.在您的 API 的处理程序工作流中的身份验证处理程序之前添加此处理程序.

1. Delete the authentication handler from your API definition on the gateway (or from the velocity template, to apply to all API publishing).
2. Create your own authentication handler and replace the default authentication handler in the API definitions and/or velocity template. See: https://docs.wso2.com/display/AM200/Writing+Custom+Handlers
3. Create a new handler that takes an authorization query string parameter and adds the value to the headers of the incoming request. Add this handler before the authentication handler in the handler workflow for your API.

话虽如此，你为什么要这样做?有许多 GUI 可以使发送 HTTP 请求与使用浏览器一样直接(https://www.getpostman.com/) 所以除非你有很好的理由改变这种行为，否则你可能不应该这样做.

That being said, why do you want to do this? There are a number of GUIs available that make sending HTTP requests just as straight-forward as using a browser (https://www.getpostman.com/) so unless you have a very good reason to change this behavior, you probably should not.

这篇关于使用 WSO2 API 管理器的 URL 请求中的授权承载的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！