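---
# IBM API Connect (Swagger 2.0) test API. The gatewayscript policy below
# deliberately copies the caller's client id and secret into the outbound
# payload so that log sanitization can be exercised. Treat it as a fixture
# for that test only; it is not a production-shaped API.
swagger: "2.0"
info:
  x-ibm-name: "testsanclientauth"
  title: "Test_Sanitize_Client_Authentication"
  version: "1.0.0"
schemes:
  - "https"
host: "$(catalog.host)"
basePath: "/testsanclientauth"
consumes:
  - "application/json"
produces:
  - "application/json"
securityDefinitions:
  clientIdHeader:
    type: "apiKey"
    in: "header"
    name: "X-IBM-Client-Id"
  clientSecretHeader:
    type: "apiKey"
    in: "header"
    name: "X-IBM-Client-Secret"
# One security requirement object listing both schemes: every call must carry
# both the client id and the client secret header.
security:
  - clientIdHeader: []
    clientSecretHeader: []
x-ibm-configuration:
  testable: true
  enforced: true
  cors:
    enabled: true
  assembly:
    execute:
      - gatewayscript:
          title: "setauthheader"
          version: "1.0.0"
          # Script kept as a literal block scalar (`|-` matches the original
          # value: embedded newlines preserved, no trailing newline).
          # Fix applied to the script: the original read
          # `apim.getvariable('client.app.secret';` without the closing `)`,
          # which is a JavaScript syntax error and would fail the whole policy.
          source: |-
            // define debug object
            // can be sent to endpoint for debugging purposes
            var debugObj = {
             var1:"test",
             var2:"test2",
             // NOT FOR PRODUCTION
             // put client id and secret into debug object
             // for debugging purposes only!
             clientId: apim.getvariable('client.app.id'),
             clientSecret: apim.getvariable('client.app.secret')
            };

            // get client id and secret from request body
            // to be set as authentication header
            var client_id = apim.getvariable('client.app.id');
            var client_secret = apim.getvariable('client.app.secret');

            // define authentication header
            // for the target invocation
            // CASE 1: use client id and secret for basic authentication
            //var authHeader = 'Basic ' + new Buffer(client_id + ':' + client_secret).toString('base64');
            // CASE 2: use original basic authentication information
            var authHeader = apim.getvariable('request.authorization');

            // set content type for endpoint call
            apim.setvariable('message.headers.content-type', 'application/json');

            // NOT FOR PRODUCTION
            // send debug object as payload to endpoint
            // for debugging purposes
            apim.setvariable('message.body', JSON.stringify(debugObj) );

            // put authentication into Authorization header field
            // will always be sanitized and not appear in clear text in the log
            apim.setvariable('message.headers.Authorization', authHeader);
      - invoke:
          title: "invoke"
          timeout: 60
          verb: "POST"
          cache-response: "protocol"
          cache-ttl: 900
          # Reproduced from the original: a list holding a single null. If the
          # intent is "no error names stop the flow", `[]` is the unambiguous
          # form — confirm what the gateway does with a null entry before
          # changing it.
          stop-on-error:
            - null
          version: "1.0.0"
          target-url: "https://wtmynodered.eu-gb.mybluemix.net/myauthtest"
      - activity-log:
          title: "activity-log"
          # "payload" records the message body. The gatewayscript above writes
          # debugObj — including clientSecret — into message.body, so the
          # client secret lands in the activity log unless the logging
          # pipeline redacts it; the script's own comment only claims the
          # Authorization header is sanitized. Outside this sanitization test,
          # prefer "activity" or "header" here.
          content: "payload"
          error-content: "payload"
          version: "1.0.0"
  phase: "realized"
paths:
  /token:
    get:
      responses:
        # Response codes are strings in Swagger 2.0; quoted so no YAML parser
        # turns the key into an integer.
        "200":
          description: "200 OK"
    post:
      responses:
        "200":
          description: "200 OK"
definitions: {}
tags: []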