OK, so here is what I have. Honestly, I feel like either the docs are incomplete or I am missing something, as things are just not tying together for me.
a) My API definition:
{
"id": "5970bd3ae4b3480001d6a0e0",
"name": "MY Auth",
"slug": "my/auth/10",
"api_id": "06ca7b5dfbaf4d2d59a2eaa81cf8ca1c",
"org_id": "596cc1d5e4b3480001d6a0d9",
"use_keyless": false,
"use_oauth2": false,
"use_openid": false,
"openid_options": {
"providers": [],
"segregate_by_client": false
},
"oauth_meta": {
"allowed_access_types": [],
"allowed_authorize_types": [],
"auth_login_redirect": ""
},
"auth": {
"use_param": false,
"param_name": "",
"use_cookie": false,
"cookie_name": "",
"auth_header_name": ""
},
"use_basic_auth": false,
"enable_jwt": false,
"use_standard_auth": false,
"enable_coprocess_auth": true,
"jwt_signing_method": "",
"jwt_source": "",
"jwt_identity_base_field": "",
"jwt_client_base_field": "",
"jwt_policy_field_name": "",
"notifications": {
"shared_secret": "",
"oauth_on_keychange_url": ""
},
"enable_signature_checking": false,
"hmac_allowed_clock_skew": -1,
"base_identity_provided_by": "",
"definition": {
"location": "header",
"key": "x-api-version"
},
"version_data": {
"not_versioned": true,
"versions": {
"Default": {
"name": "Default",
"expires": "",
"paths": {
"ignored": [],
"white_list": [],
"black_list": []
},
"use_extended_paths": true,
"extended_paths": {},
"global_headers": {},
"global_headers_remove": [],
"global_size_limit": 0,
"override_target": ""
}
}
},
"uptime_tests": {
"check_list": [],
"config": {
"expire_utime_after": 0,
"service_discovery": {
"use_discovery_service": false,
"query_endpoint": "",
"use_nested_query": false,
"parent_data_path": "",
"data_path": "",
"port_data_path": "",
"target_path": "",
"use_target_list": false,
"cache_timeout": 60,
"endpoint_returns_list": false
},
"recheck_wait": 0
}
},
"proxy": {
"preserve_host_header": false,
"listen_path": "/my/auth/10",
"target_url": "http://192.168.0.148:9080/service/authws",
"strip_listen_path": true,
"enable_load_balancing": false,
"target_list": [],
"check_host_against_uptime_tests": false,
"service_discovery": {
"use_discovery_service": false,
"query_endpoint": "",
"use_nested_query": false,
"parent_data_path": "",
"data_path": "hostname",
"port_data_path": "port",
"target_path": "/api-slug",
"use_target_list": false,
"cache_timeout": 60,
"endpoint_returns_list": false
}
},
"disable_rate_limit": false,
"disable_quota": false,
"custom_middleware": {
"pre": [],
"post": [],
"post_key_auth": [],
"auth_check": {
"name": "myAuth",
"path": "middleware/myAuth.js",
"require_session": false
},
"response": [],
"driver": "",
"id_extractor": {
"extract_from": "header",
"extract_with": "value",
"extractor_config": {
"header_name": "Authorization"
}
}
},
"custom_middleware_bundle": "",
"cache_options": {
"cache_timeout": 60,
"enable_cache": true,
"cache_all_safe_requests": false,
"cache_response_codes": [],
"enable_upstream_cache_control": false
},
"session_lifetime": 1,
"active": true,
"auth_provider": {
"name": "",
"storage_engine": "",
"meta": {}
},
"session_provider": {
"name": "",
"storage_engine": "",
"meta": null
},
"event_handlers": {
"events": {}
},
"enable_batch_request_support": false,
"enable_ip_whitelisting": false,
"allowed_ips": [],
"dont_set_quota_on_create": false,
"expire_analytics_after": 0,
"response_processors": [],
"CORS": {
"enable": false,
"allowed_origins": [],
"allowed_methods": [],
"allowed_headers": [],
"exposed_headers": [],
"allow_credentials": false,
"max_age": 24,
"options_passthrough": false,
"debug": false
},
"domain": "",
"do_not_track": false,
"tags": [],
"enable_context_vars": false
}
b) My plugin (at middleware/myAuth.js on the gateway node):
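// Tyk JSVM custom-auth middleware: validates the client's Authorization header
// against an external auth service and, on success, hands Tyk a session.
// NOTE(review): Tyk's JSVM is an ES5 interpreter, so this file deliberately
// sticks to var/function syntax rather than const/arrow functions.
log("====> myAuth Auth initialising");
var myAuth = new TykJS.TykMiddleware.NewMiddleware({});

// Backend that actually checks the credential. The gateway forwards the
// client's Authorization header to it unchanged.
var AUTH_BACKEND_DOMAIN = "http://192.168.0.148:9080";
var AUTH_BACKEND_RESOURCE = "/auth/util/doit";

// Short-circuits the request with the given HTTP status and error text.
// Returns the value the middleware callback must hand back to Tyk.
function rejectRequest(request, statusCode, message) {
    request.ReturnOverrides.ResponseCode = statusCode;
    request.ReturnOverrides.ResponseError = message;
    return myAuth.ReturnData(request, {});
}

myAuth.NewProcessRequest(function(request, session) {
    log("----> Running myAuth JSVM Auth Middleware");
    // Diagnostic only: the session object carries fields such as
    // basic_auth_data.password, jwt_data.secret and hmac_string, so this
    // dump should be removed (or redacted) before the plugin goes to production.
    log("session= " + JSON.stringify(session));

    // request.Headers values are arrays; take the first Authorization value.
    var authHeaders = request.Headers["Authorization"];
    if (!authHeaders || authHeaders.length === 0 || !authHeaders[0]) {
        return rejectRequest(request, 401, 'Authentication required');
    }
    var rawAuthorization = authHeaders[0];

    // Do NOT log the raw header: it is the client's credential (a Basic
    // header is just base64 of user:password) and gateway logs are seldom
    // protected as secrets. Log only that one was received.
    log("Authorization header present (" + rawAuthorization.length + " chars)");

    var authRequest = {
        "Method": "GET",
        "Body": "",
        "Headers": {
            "Authorization": rawAuthorization
        },
        "Domain": AUTH_BACKEND_DOMAIN,
        "Resource": AUTH_BACKEND_RESOURCE
    };

    var resp = TykMakeHttpRequest(JSON.stringify(authRequest));
    var respObj;
    try {
        respObj = JSON.parse(resp);
    } catch (e) {
        // Fail closed: an unparseable or empty backend reply must never
        // result in an authenticated session.
        return rejectRequest(request, 401, 'MY Auth Failed: invalid response from auth backend');
    }

    log(respObj.Code);
    // The response field is "Code" (capital C); the original compared Code
    // but then interpolated respObj.code, which is undefined.
    if (respObj.Code !== 200) {
        return rejectRequest(request, 401, 'MY Auth Failed: ' + respObj.Code);
    }

    // Session handed to Tyk for this key: 100 requests per 1 second, no quota.
    // NOTE(review): no "expires" is set here, and "quota_renews" (1406121006)
    // is a Unix timestamp in July 2014 - probably harmless with quota_max -1,
    // but worth confirming. Empty "access_rights" also grants no explicit
    // per-API ACL; check the gateway's treatment of an empty map before
    // relying on it.
    var newSession = {
        "allowance": 100,
        "rate": 100,
        "per": 1,
        "quota_max": -1,
        "quota_renews": 1406121006,
        "access_rights": {}
    };
    return myAuth.ReturnAuthData(request, newSession);
});

// Ensure init with a post-declaration log message
log("====> myAuth initialised");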
c) On my first request to the endpoint with a valid Authorization header, I get through (i.e. the plugin hits my backend auth API OK), and this is logged (the third line is the raw Authorization header, which the plugin's `log(rawAuthorization)` writes out verbatim; the value is redacted here):
2017-07-20T14:35:21.391318719Z time="Jul 20 14:35:21" level=info msg="----> Running myAuth JSVM Auth Middleware" type=log-msg
2017-07-20T14:35:21.391853783Z time="Jul 20 14:35:21" level=info msg="session= {\"access_rights\":null,\"alias\":\"\",\"allowance\":0,\"apply_policy_id\":\"\",\"basic_auth_data\":{\"hash_type\":\"\",\"password\":\"\"},\"data_expires\":0,\"enable_detail_recording\":false,\"expires\":0,\"hmac_enabled\":false,\"hmac_string\":\"\",\"id_extractor_deadline\":0,\"is_inactive\":false,\"jwt_data\":{\"secret\":\"\"},\"last_check\":0,\"last_updated\":\"\",\"meta_data\":null,\"monitor\":{\"trigger_limits\":null},\"oauth_client_id\":\"\",\"oauth_keys\":null,\"org_id\":\"\",\"per\":0,\"quota_max\":0,\"quota_remaining\":0,\"quota_renewal_rate\":0,\"quota_renews\":0,\"rate\":0,\"session_lifetime\":0,\"tags\":null}" type=log-msg
2017-07-20T14:35:21.391925198Z time="Jul 20 14:35:21" level=info msg="Basic XXXX==" type=log-msg
2017-07-20T14:35:22.474491045Z time="Jul 20 14:35:22" level=info msg=200 type=log-msg
d) My second request to the endpoint (I would expect the session to be populated by now?). But it is not; it just looks like another empty one (logs below):
2017-07-20T14:35:40.263778912Z time="Jul 20 14:35:40" level=info msg="----> Running myAuth JSVM Auth Middleware" type=log-msg
2017-07-20T14:35:40.264316972Z time="Jul 20 14:35:40" level=info msg="session= {\"access_rights\":null,\"alias\":\"\",\"allowance\":0,\"apply_policy_id\":\"\",\"basic_auth_data\":{\"hash_type\":\"\",\"password\":\"\"},\"data_expires\":0,\"enable_detail_recording\":false,\"expires\":0,\"hmac_enabled\":false,\"hmac_string\":\"\",\"id_extractor_deadline\":0,\"is_inactive\":false,\"jwt_data\":{\"secret\":\"\"},\"last_check\":0,\"last_updated\":\"\",\"meta_data\":null,\"monitor\":{\"trigger_limits\":null},\"oauth_client_id\":\"\",\"oauth_keys\":null,\"org_id\":\"\",\"per\":0,\"quota_max\":0,\"quota_remaining\":0,\"quota_renewal_rate\":0,\"quota_renews\":0,\"rate\":0,\"session_lifetime\":0,\"tags\":null}" type=log-msg
2017-07-20T14:35:40.264381096Z time="Jul 20 14:35:40" level=info msg="Basic XXXX==" type=log-msg
2017-07-20T14:35:40.950387636Z time="Jul 20 14:35:40" level=info msg=200 type=log-msg
e) Assuming a session would be established after the FIRST successful invocation, with the session key derived from the Authorization header per the “id_extractor” config: will Tyk still call the auth plugin on every invocation, leaving it up to my plugin to decide (based on something in the session) whether it should call back to the auth endpoint again? Or will Tyk, upon seeing a valid session, SKIP calling my plugin, and only call it again when the key expires?
Perhaps something is still missing in my config? (Two things in the API definition above look worth checking: it sets `"session_lifetime": 1`, which, if that value is in seconds, would expire any stored session after one second — well before the second request, which arrived about 19 seconds after the first — and `"driver"` under `custom_middleware` is left empty, so it is worth confirming against the docs that the ID extractor applies to a JSVM auth plugin with no driver set.)