Description
We're encountering an issue in WSO2 API Manager 3.1.0 where WebSocket APIs fail to connect under a specific, but valid, usage pattern.
When a client connects to a WebSocket API using the default API version (i.e., omitting the version in the URL) and provides the access_token as a query parameter, the connection is established but hangs; the request never reaches the backend.
This is problematic for clients that rely on default versioning for simplicity or stability and are limited to using query parameters for authentication.
Steps to Reproduce
Using API Manager 3.1.0 All-In-One:
- Create a WebSocket API pointing to a sample backend and mark version 1.0.0 as the default.
- Create an application using opaque tokens, subscribe it to the API, and generate an OAuth2 access token.
- Start the backend server.
Successful Test Cases:
The following WebSocket requests work as expected:
```
wscat -c "ws://localhost:9099/notifications/1.0.0" -H "Authorization: Bearer <token>"
wscat -c "ws://localhost:9099/notifications" -H "Authorization: Bearer <token>"
wscat -c "ws://localhost:9099/notifications/1.0.0?access_token=<token>"
```
These connections are established, and we receive the expected backend response:
```
Connected (press CTRL+C to quit)
< Subscribed to notifications!
>
```
Failing Test Case:
This request fails (hangs and does not reach the backend):
```
wscat -c "ws://localhost:9099/notifications?access_token=<token>"
```
Output:
```
Connected (press CTRL+C to quit)
>
```
The connection remains pending and is not forwarded to the backend.
Version
wso2am-3.1.0
Environment Details (with versions)
No response