Custom authentication handler to perform either Basic authentication or OAuth2 in the API consuming process
The current implementation of WSO2 API Manager does not support both Basic authentication and OAuth2 as options for the API consuming process. Therefore I implemented a sample custom handler to fulfil this requirement.
The authentication type is implemented by a handler, which is defined in the generated Synapse API. Since there is no configuration or UI option to change which authentication type is engaged, we need to define the corresponding handler in the Synapse API. For that, we have to add a rule to the template that decides which authentication handler to use.
Also, with custom attributes, we can selectively engage the basic authentication handler through the Velocity template.
The basic authenticator authenticates the end user with the connected user store using the provided username and password.
The handler uses the request header to decide when to invoke basic authentication: if the header is “Authorization: Basic <base64 encoded key>”, the handler triggers basic authentication.
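The header-based decision described above, sketched as an added example; this is not the code of ExtendedOauthHandler, and the class, enum and method names are hypothetical. It assumes only the standard Java library and shows the edge cases such a check has to cover: case-insensitive scheme names, invalid Base64, and passwords that contain a colon.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added illustration; names are hypothetical, not taken from ExtendedOauthHandler.
public class AuthSchemeDispatch {

    enum Scheme { BASIC, BEARER, UNSUPPORTED }

    // Scheme names are case-insensitive (RFC 7235), so match without regard to case.
    static Scheme classify(String header) {
        if (header == null) return Scheme.UNSUPPORTED;
        String h = header.trim();
        if (h.regionMatches(true, 0, "Basic ", 0, 6)) return Scheme.BASIC;
        if (h.regionMatches(true, 0, "Bearer ", 0, 7)) return Scheme.BEARER;
        return Scheme.UNSUPPORTED;
    }

    // Returns {username, password}, or null when the credentials are malformed.
    static String[] decodeBasic(String header) {
        String token = header.trim().substring(6).trim();
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(token);
        } catch (IllegalArgumentException e) {
            return null; // not valid Base64: reject instead of passing it on
        }
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':'); // split on the FIRST colon; passwords may contain ':'
        if (colon <= 0) return null;   // no separator, or empty username
        return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
    }

    public static void main(String[] args) {
        String[] samples = { // the two headers from the curl commands plus constructed ones
            "Basic YWRtaW46YWRtaW4=",
            "basic dXNlcjpwYTpzcw==",      // constructed: lower-case scheme, ':' in password
            "Basic !!!not-base64!!!",      // constructed: malformed token
            "Bearer 0f3c428c-b504-3ed4-9ef0-48b81f7260c7",
            "Digest abc"                   // constructed: scheme the handler does not serve
        };
        for (String s : samples) {
            Scheme scheme = classify(s);
            String detail = "";
            if (scheme == Scheme.BASIC) {
                String[] c = decodeBasic(s);
                detail = (c == null) ? " -> reject (malformed credentials)" : " -> user=" + c[0];
            }
            System.out.println(scheme + detail); // the password is never logged
        }
    }
}
```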
I have shared the code in  in order for you to get a better understanding of what I have implemented.
Please follow the steps below to configure the ExtendedOauthHandler in your environment.
1. Place the handler (ExtendedOauthHandler-1.0-SNAPSHOT.jar) inside /repository/components/lib. Once you do this, restart the server. Go to your API configuration file inside /repository/deployments/server/synapse-configs/default/api/ and make the following changes manually.
2. Remove the default APIAuthenticationHandler from the list of handlers.
3. Add the sample ExtendedOauthHandler in place of the default handler, as shown below:
<property name="deploymentPattern" value="ALL_IN_ONE"/>
<property name="clientKey" value="s1ydlgyj0FoqVktMNIMJtOVgA2Qa"/>
<property name="clientSecret" value="igibwC7yuV09AYyAYnhLzfJg2Zwa"/>
Please refer to the following curl commands to perform either Basic authentication or OAuth2 in the API consuming process.
Curl command for Basic authentication
curl -k -X GET "https://172.17.0.1:8243/ExtAPI/1.0.0/checkExtAPI" -H "accept: application/json" -H "Authorization: Basic YWRtaW46YWRtaW4="
Curl command for Bearer token
curl -k -X GET "https://172.17.0.1:8243/ExtAPI/1.0.0/checkExtAPI" -H "accept: application/json" -H "Authorization: Bearer 0f3c428c-b504-3ed4-9ef0-48b81f7260c7"
Hope you find this article useful! Until my next piece, happy coding!