Can we have multiple authentication mechanisms defined for an API Definition? For example, when an API call is made, the gateway should validate both the key and the OAuth token. The key can be passed in any custom header and the OAuth token in the Authentication header.
Is this supported now in the CE gateway?
Can the above be implemented in an API Definition?
Hello @Anup_Rai - yes, this is possible with Tyk Gateway, although we have not implemented/tested it in the Operator yet.
Please open a ticket in GitHub - TykTechnologies/tyk-operator: Tyk Operator for Kubernetes - and we will try to add it to the next sprint.
```yaml
apiVersion: tyk.tyk.io/v1alpha1
kind: ApiDefinition
metadata:
  name: httpbin.oauth2
spec:
  name: HttpBin OAuth2 API
  protocol: http
  active: true
  proxy:
    listen_path: /httpbin-oauth2
    target_url: http://httpbin.default.svc:8000
    strip_listen_path: true
  use_oauth2: true
  oauth_meta:
    allowed_access_types:
      - client_credentials
    allowed_authorize_types: []
  use_standard_auth: true
  auth_configs:
    authToken:
      auth_header_name: apikey # remapped the authToken authorization header
  base_identity_provided_by: oauth_key # tyk operator needs to know about this field
```
The API Definition would look something like the above.
Thanks @ahmet, I created an API Definition with the help of the Admin API and I am able to pass two authentication headers, one Bearer token and a second one with apikey.
In this case I used a key in which this API was not added under access_rights. I created this key using the /tyk/keys API. Still, I was able to call this API successfully. I changed the parameter below in the API by referring to this link-
"base_identity_provided_by": "auth_token"
Now the call failed. After I added this API to the key it started working. Now the API is checking access_rights in both the Key and the OAuth token.
So when we have two authentication mechanisms, which one will be used to check access_rights, quota, rate etc.?
Which parameter can we set if we want the API to check the access_rights, quota and rate set in the Key?
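A small configuration lint, added here as an example and not part of the thread or of Tyk's own code, for the pitfall described above: it takes the spec fields of a Tyk API definition as a Python dict and flags a multi-auth setup whose base_identity_provided_by is unset or names a mechanism that is not enabled, or whose two credentials would both be read from the Authorization header. The mapping of the use_* switches to base_identity_provided_by values, and Authorization as the default header, are assumptions; the sample definitions are constructed from the YAML in this thread.

```python
# Added example (not Tyk's own code): lint a Tyk API definition dict, as the
# Admin API returns it, for the multi-auth pitfalls discussed in this thread.

# Tyk auth switches and the base_identity_provided_by value each maps to.
# Assumption: only the two mechanisms used in the thread are covered.
AUTH_SWITCHES = {
    "use_standard_auth": "auth_token",
    "use_oauth2": "oauth_key",
}


def lint_multi_auth(api_def: dict) -> list:
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    enabled = [sw for sw in AUTH_SWITCHES if api_def.get(sw)]
    if len(enabled) < 2:
        return findings  # one mechanism: nothing to arbitrate
    allowed = {AUTH_SWITCHES[sw] for sw in enabled}
    base = api_def.get("base_identity_provided_by", "")
    if not base:
        findings.append("base_identity_provided_by unset with several auth "
                        "mechanisms: the session that governs access_rights, "
                        "quota and rate limits is not pinned down")
    elif base not in allowed:
        findings.append(f"base_identity_provided_by={base!r} names a "
                        f"mechanism that is not enabled: {sorted(allowed)}")
    # Both credentials must arrive in distinct headers. Assumption: the OAuth
    # token is read from Authorization (as in the thread), so the auth token
    # header must be remapped to something else, e.g. apikey.
    token_cfg = api_def.get("auth_configs", {}).get("authToken", {})
    token_header = token_cfg.get("auth_header_name", "Authorization")
    if "use_oauth2" in enabled and token_header.lower() == "authorization":
        findings.append("auth token and OAuth token both read from the "
                        "Authorization header; remap auth_header_name")
    return findings


# Constructed definitions mirroring the thread's YAML (spec section only).
GOOD_DEF = {
    "use_oauth2": True, "use_standard_auth": True,
    "base_identity_provided_by": "oauth_key",
    "auth_configs": {"authToken": {"auth_header_name": "apikey"}},
}
NO_BASE_DEF = {k: v for k, v in GOOD_DEF.items()
               if k != "base_identity_provided_by"}
COLLIDING_DEF = dict(GOOD_DEF, auth_configs={"authToken": {}})

if __name__ == "__main__":
    for label, d in [("good", GOOD_DEF), ("no_base", NO_BASE_DEF),
                     ("colliding", COLLIDING_DEF)]:
        print(label, lint_multi_auth(d))
```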