Path forwarding issue with WSO2 API Manager

[saber13812002]

Description

In WSO2 API Manager, by default, any path after the defined proxy path (i.e., the main API path) is passed to the destination endpoint (backend) as is. Therefore, if you have defined the following path for the proxy:

I have encountered an issue with WSO2 API Manager where paths after the base proxy path are not being forwarded to the backend as expected.

please read Relevant Log Output part for main problem

Steps to Reproduce

Setup:
Proxy base path: http://localhost:8280/z-auth/2.0.0
Backend endpoint: http://192.168.0.63:5013
When I send the following requests:

http://localhost:8280/z-auth/2.0.0/AUTH/graphql
http://localhost:8280/z-auth/2.0.0/auth/graphql
I expect them to be forwarded to:

http://192.168.0.63:5013/AUTH/graphql
http://192.168.0.63:5013/auth/graphql
Issue:
Instead, the requests are either not reaching the backend or there is unexpected behavior in the way the paths are being forwarded. Specifically:

There seems to be an issue with case sensitivity, where /AUTH and /auth are treated differently.
I suspect that there might be URL rewrite rules or path mappings in WSO2 API Manager that are affecting the correct forwarding of the requests.
Expected behavior:
Any path after the base proxy path should be forwarded to the backend endpoint without modification, including case sensitivity.

Steps to reproduce:
Define an API with the base path http://localhost:8280/z-auth/2.0.0 in WSO2 API Manager.
Send requests to http://localhost:8280/z-auth/2.0.0/AUTH/graphql and http://localhost:8280/z-auth/2.0.0/auth/graphql.
Observe if the paths are forwarded to the backend as expected.
Environment:
WSO2 API Manager version: [Your version]
Backend service: [Details of your backend service]
Please investigate this issue and provide guidance on how to resolve it.

Affected Component

Analytics

Version

wso2/wso2am 4.3.0

Environment Details (with versions)

docker image wso2/wso2am 4.3.0 1.16GB

Relevant Log Output

If I call the following:


curl "http://192.168.0.65:2010/AUTH/graphql" ^
  -H "Cache-Control: no-cache" ^
  -H "Connection: keep-alive" ^
  ...


The response is:

```json
{
  "data": {
    "message": "OK",
    "statusCode": 200
  }
}

However, when I call:

curl "http://192.168.0.65:2010/auth/graphql" ^
  -H "Cache-Control: no-cache" ^
  -H "Connection: keep-alive" ^
  ...

The response is:

{
  "code": "900901",
  "message": "Invalid Credentials",
  "description": "Invalid JWT token. Make sure you have provided the correct security credentials"
}

Sometimes, if I call the first endpoint, I get the error. Other times, if I call the second one after several hours, the error is triggered for that one while the first returns a valid response.

---

This description explains the inconsistency in responses based on the two similar endpoints and the timing of the requests. You might want to investigate the underlying authentication mechanism or token caching issues that could be causing this behavior.

### Related Issues

_No response_

### Suggested Labels

case sensitive

[saber13812002]

Sometimes, if I call the first endpoint, I get the error. Other times, if I call the second one after several hours, the error is triggered for that one while the first returns a valid response.