Add header with meta_data from key to upstream API

Imported Google Group message. Original thread at: Redirecting to Google Groups Import Date: 2016-01-19 21:41:01 +0000.
Sender:Patrick Plaatje.
Date:Tuesday, 5 January 2016 20:12:50 UTC.

Hi,

In our setup we will allow users to sign up to our service. This is done through a POST to our /users/ API endpoint and doesn’t require any authentication. The user is created in our service, and a basic authentication key is created in Tyk. When a user logs in by posting a request with a Basic auth header to our /sessions/ endpoint, a session is created on our service and a JWT key is created through the Tyk API. In the call to create the JWT key, we include the user_id as meta_data, in order to identify the user in each subsequent call being made with the JWT key to our core API.

I now need to add the user_id from the JWT key as a header to requests to the upstream API. I have tried to add “user_id: $tyk_meta.user_id” to the “GLOBAL VERSION SETTINGS” of the API, but the header does not seem to be added. I need this header to be added to any call to the API, so I’d like to avoid specifying this for each API endpoint if I can.

Anyone any ideas?

Thanks,
Patrick

Imported Google Group message.
Sender:Martin Buhr.
Date:Tuesday, 5 January 2016 21:35:12 UTC.

Hi Patrick,

I’ve just run a very similar setup (JWT ID with meta data, embedded dynamically as a global header) on a local installation of Tyk and it injected the headers fine. However, it’s worth noting that underscores are not valid for HTTP Headers; when I used user_id as a header, it got returned as user-id (hyphen).

This could be the behavior of an intervening web server, as (IIRC), nginx cleans them up or ignores them if they are invalid, other frameworks might too.

Cheers,
Martin

Imported Google Group message.
Sender:Patrick Plaatje.
Date:Tuesday, 5 January 2016 20:51:55 UTC.

Hi Patrick,

Have you verified that the meta data is present in the key if you create for the JWT in the dashboard?

Could you send a sample key object so we can check the data structure?

Global dynamic injection works so long as the path is not ignored.

To really be sure I’ll need to see your API definition too.

Cheers,
Martin

Imported Google Group message.
Sender:Martin Buhr.
Date:Tuesday, 5 January 2016 21:04:37 UTC.

Hi Martin,

I validated the JWT has the metadata present:

{"api_model":{},"key_id":"5671387748366700010000fcdc5e932673294c4d594eb3b20bfe57d9","data":{"last_check":0,"allowance":0,"rate":1000,"per":60,"expires":1452042456,"quota_max":-1,"quota_renews":0,"quota_remaining":0,"quota_renewal_rate":0,"access_rights":{"34603bbd9d65482d66ba8f5e3e2c0083":{"api_name":"Bazana - core api","api_id":"34603bbd9d65482d66ba8f5e3e2c0083","versions":["Default"],"allowed_urls":null}},"org_id":"5671387748366700010000fc","oauth_client_id":"","basic_auth_data":{"password":"","hash_type":""},"jwt_data":{"secret":"0d6eebec-1d6a-4b6a-8d29-d307b2ca39ce"},"hmac_enabled":false,"hmac_string":"","is_inactive":false,"apply_policy_id":"","data_expires":0,"monitor":{"trigger_limits":null},"meta_data":{"user_id":"568c0df39c659b30db3decec"},"tags":null}}

I have attached the Tyk API definition for the API mentioned.

Thanks,
Patrick


Imported Google Group message.
Sender:Martin Buhr.
Date:Wednesday, 6 January 2016 08:56:52 UTC.

Hi Martin,

I changed the header name to be user-id and it magically started working. Must’ve been Nginx filtering out the user_id header.

Thanks for the help!

-patrick
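
Added example, not part of the original thread and not Tyk's or nginx's code: a small Python check for the header names a gateway is configured to inject, based on nginx's documented rule that request header names containing underscores are ignored unless underscores_in_headers is on. The function names and the sample header map are assumptions made for illustration.

```python
import re

# nginx accepts letters, digits and hyphens in request header names; underscores
# count as valid only when the underscores_in_headers directive is on.
VALID_DEFAULT = re.compile(r"[A-Za-z0-9-]+")
VALID_UNDERSCORES_ON = re.compile(r"[A-Za-z0-9_-]+")


def cgi_name(header):
    """CGI-style name: user_id and user-id both map to HTTP_USER_ID."""
    return "HTTP_" + header.upper().replace("-", "_")


def lint_injected_headers(headers, underscores_in_headers=False):
    """Flag header names a default nginx hop ignores, and names that collide."""
    valid = VALID_UNDERSCORES_ON if underscores_in_headers else VALID_DEFAULT
    findings, seen = [], {}
    for name in headers:
        if not valid.fullmatch(name):
            fixed = name.replace("_", "-")
            findings.append({
                "header": name,
                "issue": "ignored by nginx as an invalid header name",
                "suggest": fixed if VALID_DEFAULT.fullmatch(fixed) else None,
            })
        key = cgi_name(name)
        if key in seen:
            findings.append({
                "header": name,
                "issue": "same CGI variable as " + seen[key],
                "suggest": None,
            })
        else:
            seen[key] = name
    return findings


# Constructed sample: a header map in the style of the thread's global setting.
SAMPLE = {
    "user_id": "$tyk_meta.user_id",
    "user-id": "$tyk_meta.user_id",
    "X-Gateway": "tyk",
}

if __name__ == "__main__":
    for finding in lint_injected_headers(SAMPLE):
        print(finding)
```

The collision check covers the reason the underscore form is rejected in the first place: both spellings reach CGI-style backends as the same variable, so an upstream that trusts the injected header cannot tell them apart.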
