I'm migrating from Apigee to WSO2 and would like to know if it's possible to migrate Apigee's "Developer Apps" to WSO2 such that I can re-use the same consumer_key and consumer_secret.
I found WSO2's Store APIs, and I'm able to programatically
Create the WSO2 App,
Subscribe the WSO2 App to my published APIs.
From Apigee, I can also retrieve the old consumer_key & consumer_secret,
so I just need a way to overwrite the key & secret in WSO2.
I found a simple solution.
After creating the App via the Store APIs, I located the respective credentials in the DB tables. Then I updated 3 table rows and I was able to reuse the same credentials for Apigee and WSO2.
Related
When integrating the WSO2 Identity Server (5.6.0) and WSO2 APIM (2.5.0). I came across one scenario where I want the token which I am generating while logging into IS should be used also for invoking APIs in APIM which are created by the same user.
I am creating user in IS and it is getting reflected in APIM but the token which is generated for IS is getting saves in IDN_OAUTH2_ACCESS_TOKEN of IS DB and for APIM while invoking any APIs for the same user, the token are getting saved in IDN_OAUTH2_ACCESS_TOKEN of APIM.
I want to use the same token which was generated in IS to invoke APIs which the same user created in APIM.
Any guidance in this direction will help me to understand.
Thanks
In a distributed deployment of APIM, you can use IS as the key manager node. The following document explains how to set it up.
https://docs.wso2.com/display/AM260/Configuring+WSO2+Identity+Server+as+a+Key+Manager
This document explains (step 3) how to share databases between APIM and IS. You can use the same to achieve what you want.
In short, you need to configure IS to use the APIM DB (shared between 2 nodes) instead of its own IS DB.
You also have to map the Application in the API store to the OAuth app you have created in IS. See this doc for that.
https://docs.wso2.com/display/AM260/Provisioning+Out-of-Band+OAuth+Clients
I am now hosting Pre-Packaged+Identity+Server+5.2.0+with+API+Manager+2.0.0 [https://docs.wso2.com/display/CLUSTER44x/Configuring+the+Pre-Packaged+Identity+Server+5.2.0+with+API+Manager+2.0.0] in my own AWS instance.
Planning to move on to managed Cloud solution by WSO2. But I can see independent installatiion of identity server and wso2 api manager. But is there a cloud alternative for idenitity server , api manager combo.
I am using WSO2 idenity server for user management only.keeping users in that. Can it be done in API manager as well?
What is the cloud alternative for this?
WSO2 Cloud uses Identity Server for providing Single Sign On. Cloud has its deployment architecture done in a way API Manager can also do the user management (thats comes with the power of WSO2 platform). You dont need to worry about cloud having the API Manager and Identity Server separately.
IF you are managing your subscribers and publishers, then its an out of the box scenario in the cloud. If you want to store end users of the APIs (i.e. if you are using the password grant type), then you can add a secondary userstore and store the end users in it.
I recommend you to raise these questions via the "Contact Support" option available in the Cloud UI.
I am using WSO2 API Manager to expose few APIs. But I don't want that the consumer use the API store for the subscriptions. The creation of subscriptions/applications and Access tokens should be managed through by my custom web application.
I have checked the WSO2 API Manager docs https://docs.wso2.com/display/AM210/apidocs/store/ and imported the swagger in SoapUI. When I try to invoke the store api of my local API Manager I am getting the HTML content of API store page. see below screenshot.
Can anyone please help what I am doing wrong? Or is there any other way to the requirement.
You need to pass token which is generated by passing scope and client secret key and password as described in https://docs.wso2.com/display/AM210/apidocs/store/#guide
In Firebase console under Project Settings/General beneath the Project ID field there is a Web API key :
Where is this used? I know that the Server key found under Project Settings/Cloud Messaging is used as Authorization key to make calls to the firebase console:
I have also noticed that in google-services.json ther is an "api_key" property that has a "current_key" value which is different from both keys that I have mentioned. What is that key?
From my answer here:
current key - nothing is explicitly stated anywhere in the docs where it is used, however, among the 3 services where the google-services.json was originally used for before Firebase (Google Sign-in, Analytics, GCM), I'm guessing it would be between Google Sign-in and Analytics. As also mentioned by #DiegoGiorgini here:
The api_key value in google-services.json is not used by FCM. (it is used by other Firebase libraries)
So it can be for a separate Google non-Firebase or Firebase service.
Web API Key - this one I haven't had a chance to use before. However, I've seen other posts wherein this specific API key is used often on Web apps related to Firebase (possibly also for Auth purposes?), but I'm not entirely sure.
Server Key - as per the docs:
A server key that authorizes your app server for access to Google services, including sending messages via Firebase Cloud Messaging.
current_key (as per the docs) is the Android key auto-created by Firebase when creating a Firebase Android App. It's NOT used to control access to backend resources. Instead, it's used to identify your Firebase project when interacting with Firebase/Google services. Specifically, it's used to associate API requests with your project for quota and billing.
Web API Key (as per the docs): can be used to authenticate users by passing its value to the key query parameter in several API endpoints, e.g., sign up or sign in using email & password, generate refresh token, etc.
Server Key (as per the docs): is a server key that authorizes your app server for access to Google services, including sending messages via the Firebase Cloud Messaging legacy protocols.
Lets say I have Google Cloud Project (GCP1) with GCM turned on with Client id P1.
Now I have created a standalone Firebase project F2 WITHOUT importing it to GCP1. I have also released F2 to production. (Alternatively, I have imported F2 from an existing firebase.com project into the new Firebase console).
I use a backend server to send push notifications. When I send a push to a GCM token generated via GCP1 from the F2 project, it fails (naturally) because of incorrect client ID. Are there work-arounds to enable use of GCM tokens generated for P1 within F2?
When sending messages from your back-end server, you need to authenticate the request with the API-KEY associated with project (sender-id) used to generate the GCM/FCM token.
Due to security restrictions here are no workaround for this.
For existing GCM users the best migration consists in importing the old project into the Firebase Console. This will allow you to target both old and new client, since the sender-id will not change
Steps here: https://developers.google.com/cloud-messaging/android/android-migrate-fcm
If that is not option (you have already created a new Firebase Project distinct from the previous Google Cloud Project) you have two possibilities:
Easier and recommended approach: change your back-end to store which client originated the gcm/fcm token. Then use the correct API-KEY when sending messages from your back-end. (the API-KEY associated to the old project for old clients, and the new API-KEY for new clients that are using the new Firebase project).
If you cannot change your back-end at all: in FCM you can create an additional token for the old SenderID, using the API:
FirebaseInstanceId.getInstance().getToken("old-sender-id", "FCM")
Because this token is associated to the old-sender-id your back-end will be able to send messages to it using the API-KEY of the old project.
Note: this doesn't affect the Firebase Console which is based on the new-sender-id.
That console will be able to target only the new clients that are including the firebase sdk and the associated google_services.json file.