Update oauth plugin to skip urls specified in config.yaml

[satishbkodali]

Fixes issue # 97

In config yaml, you can specify as follows under oauth for pings and healthchecks. Then the oauth plugin skips the oauth check if incoming path starts with the one that is mentioned in the yaml

oauth:
  allowNoAuthorization: false
  allowInvalidAuthorization: false
  skipURI:
      - /ping
      - /healthcheck
      - /api/ping

@srinandan @keyurkarnik @swilliams11 @indraneeldey

[eharishgit]

do we know when this will be merged?

[keyurkarnik]

As a general guideline, please squash your commits. The code can be reviewed better that way.

Also, in this specific case, have you tried using the healthcheck plugin for your needs? Configuring the healthcheck plugin to be used before oauth will automatically bypass oauth for healthcheck

[satishbkodali]

@keyurkarnik I squashed all the commits.

Yes. We tried the healthcheck plugin. But this healthcheck plugin only checks the health of microgateway. Is there anyway we can configure healthcheck plugin to check the health of backend app (backend app will provide API) without going to next plugins.

Our scenario is to check the healthcheck for backend apis that are protected by apigee microgateway. And these backends healthchecks are being used for monitoring, loadbalancing etc. And these monitoring and loadbalancing servers not able to pass the oauth tokens.

Please let us know if any questions.

[satishbkodali]

@keyurkarnik Any comments or updates?

[keyurkarnik]

We are reviewing this internally and the approach as well. Will keep you posted.

[eharishgit]

Do you have any update on this? this will enable us to use microgateway widely across organization.

[eharishgit]

@indraneeldey @keyurkarnik Any update on this pull request?

[keyurkarnik]

In v3.1.5 of EMG (plugins v3.1.0), a new feature has been added to allow exclusion of URLs globally as well as per plugin. That follows a more generic and extensible approach and should resolve the problem. Closing this pull request.