WSO2-API Manager and WSO2-IS : OAuth Overlap

StackOverflow https://stackoverflow.com/questions/16840177

  •  30-05-2022
  •  | 
  •  

Question

I was using OAuth for a REST API Service on WSO2-ESB using WSO2-IS, and now I wanted to register this service on API Manager. But looks like API Gateway already has OAuth incorporated.

Does it make sense to have WSO2-IS for OAuth in above scenario because having WSO2-API Manager and WSO2-IS make it a two layer OAuth which is not required?

Thanks, Wajid

Was it helpful?

Solution

Yes API Gateway already has OAuth incorporated. WSO2 API Manager provides secure authorization for APIs using OAuth 2.0 standard for key management. Every API created through WSO2 APIM will engage authentication handler which does this. So if you are using WSO2 API Manger you can skip the engagement of OAuth to your REST API. If you want to keep your own authentication mechanism, it also can be done by defining your APIs in API Provider with None Auth type. In that case API gateway will just pass the any Authentication headers came in the request to the backend service, without validating. But here since you are also using OAuth, you can go with WSO2 API Manager's default authentication mechanism.

http://docs.wso2.org/wiki/display/AM131/API+Manager+Components

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top