-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
special case for basic auth added #2018
Conversation
I get the idea, but I'm afraid this will not work. When dashboard sends the request to gateway API, it does not set the right API id. |
it worked for me in dashboard - tried to find two different BA-keys (created for different BA apis). the problem here that our gateway logic uses API-id just to get session storage, then it can find any key as they are prefixed with So nothing really changed except it works with hashing algo. There is one problem though - if passed API ID is not BA - it is not gonna work. This condition https://github.com/TykTechnologies/tyk/pull/2018/files#diff-651a84f8ad6a38c1f7ccdf63f2692410R328 makes sense only dashboard is sending right API ID, maybe we should remove The question is how would dashboard know the right API ID? Looks like asking for right API ID in this case is something extra as gateway's API already support key retrieval without API ID - in endpoint |
That's why I was thinking about extending Tyk Keys API, and for example, pass query attribute "?username=true" to the endpoint, and if it set, it will run logic similar to what you do in PR. Dashboard can't know right APIID in advance. |
makes sense to me. just to mention - we also need OrgID to generate right token and get key from storage. I guess the assumption with this approach would be that dashboard would be still passing key as |
@dencoded makes sense to me |
@buger I've added boolean parameter
|
Exactly, instead orgid extraction logic you implemented. Also note that gateway api is an admin one, and we trust user input, so check if orgid valid also redundant. |
Fix TykTechnologies/tyk-analytics#976 #2038 Added new attributes `org_id` and `username` (boolean) attributes, which should be passed together when you query for username.
Fix TykTechnologies/tyk-analytics#976 #2038 Added new attributes `org_id` and `username` (boolean) attributes, which should be passed together when you query for username.
Fix TykTechnologies/tyk-analytics#976 #2038 Added new attributes `org_id` and `username` (boolean) attributes, which should be passed together when you query for username.
Fix TykTechnologies/tyk-analytics#976 #2038 Added new attributes `org_id` and `username` (boolean) attributes, which should be passed together when you query for username.
Fix https://github.com/TykTechnologies/tyk-analytics/issues/976 #2038
Added new attributes
org_id
andusername
(boolean) attributes, which should be passed together when you query for username.