How to find service name on PreAuthorizationMiddleware?

[Iran-asp]

Imagine a scenario (I know it seems odd but unfortunately it’s real!) that clients want to use one upstream (e.g., http://api.qwe.com/v1/sms) to send SMS with some SMS providers, but in the background it automatically identifies the related subservice based on the scope parameter on the JWT token and not to use separated URLs for each one (e.g., …/sms/provider1 - …/sms/provider2). I searched the net and I decided to add this functionality into the Ocelot API Gateway (maybe it’s wrong, actually I’m not sure…). There are some samples that says we can add this functionality to the PreAuthorizationMiddleware. For example:

public void Configure(IApplicationBuilder app)
{
    var conf = new OcelotPipelineConfiguration
    {
              PreAuthorizationMiddleware = async (httpContext, next) =>
              {
                  var claims = httpContext.User.Claims;
                  if (claims != null)
                  {
                      var scopes = claims.Where(x => x.Type == "scope").Select(x => x.Value);
                      if (scopes != null)
                      {
                          // Override the downstream request settings
                          var downstreamRequest = httpContext.Items.DownstreamRequest();
                          downstreamRequest.Host = downstreamRequest.Host;
                          downstreamRequest.Port = downstreamRequest.Port;
                          downstreamRequest.Scheme = downstreamRequest.Scheme;
                          // DO OTHER THINGS
                      }
                  }
              }
    };

    builder.Services.AddOcelot(conf).AddConsul();
}

As it shows, they use downstreamRequest.Host and downstreamRequest.Port to find sub-services, but what should you do if you use Consul as service discovery?
As you know, in this situation Ocelot will use service discovery with ServiceName to find sub-services.

The main question

How can I tell Ocelot to use Consul instead of Host:Port?

If you have a moment, I’d appreciate your help.

[raman-m]

Hi Shadman!
Welcome to Ocelot world! 🐯

Short answer: Use Service discovery!

First,

You don't have to override PreAuthorizationMiddleware! You need to develop a kind of dynamic routing vs Consul solution...
Also, you can read httpContext.User.Claims from any class after authentication passed, so you need just to define authenticated route to have claims.

Second,

Classic approach of overriding of overwriting something in Ocelot is Delegating Handlers feature. Most of user scenarios can be implemented using delegating handler.
But your scenario is quite complicated! You want to use dynamic routing, and Consul. See the next point!

Third,

I believe to implement your user scenario you need to

• Define services in Consul for each claim with unique key (service name)
• Define custom class for Custom Provider of Service discovery.
• Inherit custom class from Consul or PollConsul types
• Finish design by following the rest of instructions for your lovely Custom Provider.

Good luck!

[raman-m]

@ggnaegi Please correct me if I'm wrong! Or suggest something more please.

[Iran-asp]

Hi @raman-m , Thank you for your reply.
You mentioned two important points (Delegating Handler & Custom Provider), let me check them please.
I will inform you of the result.

[raman-m]

You are welcome!
It would be great if you will share the working solution in future to the community.
Your scenario is interesting when pairing Consul + Custom SD Provider + Auth Claims
We will be waiting for your feedback...