Access to this API has been disallowed - Open ID Connect

Support
1

I have two apis defined with Open ID Connect, and the Issuers is OpenAM. I Add Issuers, clients and policies to the two apis(use the same policies). When I call apis with id_token, one is ok, and another response:
{
“error”: “Access to this API has been disallowed”
}
, and the error log:
Aug 15 17:03:21 openam tyk[23618]: time=“Aug 15 17:03:21” level=info msg=“Attempted access to unauthorised API.” api_found=false key=“” origin=117.33.52.85 path=“/oidc-test1/exchangerate”.

  • Success API define:

    {
    “id”: “5b6bba088c99344fbf1cc369”,
    “name”: “Rate - OIDC”,
    “slug”: “rate_oidc”,
    “api_id”: “286cf08e92cc45ef4cd85ad60d90f2be”,
    “org_id”: “5abb6300d7371646bddee9cc”,
    “use_keyless”: false,
    “use_oauth2”: false,
    “use_openid”: true,
    “openid_options”: {
    “providers”: [
    {
    “issuer”: “http://openam.xxxx.cn:8088/openam/oauth2”,
    “client_ids”: {
    “b2lkY190ZXN0Y2xpZW50MDAxMTIxMzE=”: “5b6aa5868c99344fbf1cc349”
    }
    }
    ],
    “segregate_by_client”: true
    },
    “oauth_meta”: {
    “allowed_access_types”: [],
    “allowed_authorize_types”: [],
    “auth_login_redirect”: “”
    },
    “auth”: {
    “use_param”: false,
    “param_name”: “”,
    “use_cookie”: false,
    “cookie_name”: “”,
    “auth_header_name”: “”,
    “use_certificate”: false
    },
    “use_basic_auth”: false,
    “use_mutual_tls_auth”: false,
    “client_certificates”: [],
    “upstream_certificates”: {},
    “enable_jwt”: false,
    “use_standard_auth”: false,
    “enable_coprocess_auth”: false,
    “jwt_signing_method”: “”,
    “jwt_source”: “”,
    “jwt_identity_base_field”: “”,
    “jwt_client_base_field”: “”,
    “jwt_policy_field_name”: “”,
    “notifications”: {
    “shared_secret”: “”,
    “oauth_on_keychange_url”: “”
    },
    “enable_signature_checking”: false,
    “hmac_allowed_clock_skew”: -1,
    “base_identity_provided_by”: “”,
    “definition”: {
    “location”: “header”,
    “key”: “x-api-version”
    },
    “version_data”: {
    “not_versioned”: true,
    “default_version”: “”,
    “versions”: {
    “Default”: {
    “name”: “Default”,
    “expires”: “”,
    “paths”: {
    “ignored”: [],
    “white_list”: [],
    “black_list”: []
    },
    “use_extended_paths”: true,
    “extended_paths”: {
    “white_list”: [
    {
    “path”: “/boardexchangerate”,
    “method_actions”: {
    “GET”: {
    “action”: “no_action”,
    “code”: 200,
    “data”: “”,
    “headers”: {}
    }
    }
    }
    ]
    },
    “global_headers”: {},
    “global_headers_remove”: [],
    “global_size_limit”: 0,
    “override_target”: “”
    }
    }
    },
    “uptime_tests”: {
    “check_list”: [],
    “config”: {
    “expire_utime_after”: 0,
    “service_discovery”: {
    “use_discovery_service”: false,
    “query_endpoint”: “”,
    “use_nested_query”: false,
    “parent_data_path”: “”,
    “data_path”: “”,
    “port_data_path”: “”,
    “target_path”: “”,
    “use_target_list”: false,
    “cache_timeout”: 60,
    “endpoint_returns_list”: false
    },
    “recheck_wait”: 0
    }
    },
    “proxy”: {
    “preserve_host_header”: false,
    “listen_path”: “/rate_oidc/”,
    “target_url”: “http://xxx.xxx.xxx.xxx:8182”,
    “strip_listen_path”: true,
    “enable_load_balancing”: false,
    “target_list”: [],
    “check_host_against_uptime_tests”: false,
    “service_discovery”: {
    “use_discovery_service”: false,
    “query_endpoint”: “”,
    “use_nested_query”: false,
    “parent_data_path”: “”,
    “data_path”: “”,
    “port_data_path”: “”,
    “target_path”: “”,
    “use_target_list”: false,
    “cache_timeout”: 0,
    “endpoint_returns_list”: false
    }
    },
    “disable_rate_limit”: false,
    “disable_quota”: false,
    “custom_middleware”: {
    “pre”: [],
    “post”: [],
    “post_key_auth”: [],
    “auth_check”: {
    “name”: “”,
    “path”: “”,
    “require_session”: false
    },
    “response”: [],
    “driver”: “”,
    “id_extractor”: {
    “extract_from”: “”,
    “extract_with”: “”,
    “extractor_config”: {}
    }
    },
    “custom_middleware_bundle”: “”,
    “cache_options”: {
    “cache_timeout”: 60,
    “enable_cache”: false,
    “cache_all_safe_requests”: false,
    “cache_response_codes”: [],
    “enable_upstream_cache_control”: false,
    “cache_control_ttl_header”: “”
    },
    “session_lifetime”: 0,
    “active”: true,
    “auth_provider”: {
    “name”: “”,
    “storage_engine”: “”,
    “meta”: {}
    },
    “session_provider”: {
    “name”: “”,
    “storage_engine”: “”,
    “meta”: {}
    },
    “event_handlers”: {
    “events”: {}
    },
    “enable_batch_request_support”: false,
    “enable_ip_whitelisting”: false,
    “allowed_ips”: [],
    “dont_set_quota_on_create”: false,
    “expire_analytics_after”: 0,
    “response_processors”: [],
    “CORS”: {
    “enable”: false,
    “allowed_origins”: [],
    “allowed_methods”: [],
    “allowed_headers”: [],
    “exposed_headers”: [],
    “allow_credentials”: false,
    “max_age”: 24,
    “options_passthrough”: false,
    “debug”: false
    },
    “domain”: “”,
    “do_not_track”: false,
    “tags”: [],
    “enable_context_vars”: false,
    “config_data”: {},
    “tag_headers”: [],
    “global_rate_limit”: {
    “rate”: 0,
    “per”: 0
    },
    “strip_auth_data”: false
    }

  • Error API definition:

{
“id”: “5b73dcb78c993442e1621147”,
“name”: “OIDC-test”,
“slug”: “oidc-test”,
“api_id”: “ba6e72b2bf9e4ef56a514472373d9fbf”,
“org_id”: “5abb6300d7371646bddee9cc”,
“use_keyless”: false,
“use_oauth2”: false,
“use_openid”: true,
“openid_options”: {
“providers”: [
{
“issuer”: “http://openam.xxxx.cn:8088/openam/oauth2”,
“client_ids”: {
“b2lkY190ZXN0Y2xpZW50MDAxMTIxMzE=”: “5b6aa5868c99344fbf1cc349”
}
}
],
“segregate_by_client”: true
},
“oauth_meta”: {
“allowed_access_types”: [],
“allowed_authorize_types”: [],
“auth_login_redirect”: “”
},
“auth”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “”,
“use_certificate”: false
},
“use_basic_auth”: false,
“use_mutual_tls_auth”: false,
“client_certificates”: [],
“upstream_certificates”: {},
“enable_jwt”: false,
“use_standard_auth”: false,
“enable_coprocess_auth”: false,
“jwt_signing_method”: “”,
“jwt_source”: “”,
“jwt_identity_base_field”: “”,
“jwt_client_base_field”: “”,
“jwt_policy_field_name”: “”,
“notifications”: {
“shared_secret”: “”,
“oauth_on_keychange_url”: “”
},
“enable_signature_checking”: false,
“hmac_allowed_clock_skew”: -1,
“base_identity_provided_by”: “”,
“definition”: {
“location”: “header”,
“key”: “x-api-version”
},
“version_data”: {
“not_versioned”: true,
“default_version”: “”,
“versions”: {
“Default”: {
“name”: “Default”,
“expires”: “”,
“paths”: {
“ignored”: [],
“white_list”: [],
“black_list”: []
},
“use_extended_paths”: true,
“extended_paths”: {
“white_list”: [
{
“path”: “/boardexchangerate”,
“method_actions”: {
“GET”: {
“action”: “no_action”,
“code”: 200,
“data”: “”,
“headers”: {}
}
}
}
]
},
“global_headers”: {},
“global_headers_remove”: [],
“global_size_limit”: 0,
“override_target”: “”
}
}
},
“uptime_tests”: {
“check_list”: [],
“config”: {
“expire_utime_after”: 0,
“service_discovery”: {
“use_discovery_service”: false,
“query_endpoint”: “”,
“use_nested_query”: false,
“parent_data_path”: “”,
“data_path”: “”,
“port_data_path”: “”,
“target_path”: “”,
“use_target_list”: false,
“cache_timeout”: 60,
“endpoint_returns_list”: false
},
“recheck_wait”: 0
}
},
“proxy”: {
“preserve_host_header”: false,
“listen_path”: “/oidc-test1/”,
“target_url”: “http://xxx.xxx.xxx.xxx:8182”,
“strip_listen_path”: true,
“enable_load_balancing”: false,
“target_list”: [],
“check_host_against_uptime_tests”: false,
“service_discovery”: {
“use_discovery_service”: false,
“query_endpoint”: “”,
“use_nested_query”: false,
“parent_data_path”: “”,
“data_path”: “”,
“port_data_path”: “”,
“target_path”: “”,
“use_target_list”: false,
“cache_timeout”: 0,
“endpoint_returns_list”: false
}
},
“disable_rate_limit”: false,
“disable_quota”: false,
“custom_middleware”: {
“pre”: [],
“post”: [],
“post_key_auth”: [],
“auth_check”: {
“name”: “”,
“path”: “”,
“require_session”: false
},
“response”: [],
“driver”: “”,
“id_extractor”: {
“extract_from”: “”,
“extract_with”: “”,
“extractor_config”: {}
}
},
“custom_middleware_bundle”: “”,
“cache_options”: {
“cache_timeout”: 60,
“enable_cache”: false,
“cache_all_safe_requests”: false,
“cache_response_codes”: [],
“enable_upstream_cache_control”: false,
“cache_control_ttl_header”: “”
},
“session_lifetime”: 0,
“active”: true,
“auth_provider”: {
“name”: “”,
“storage_engine”: “”,
“meta”: {}
},
“session_provider”: {
“name”: “”,
“storage_engine”: “”,
“meta”: {}
},
“event_handlers”: {
“events”: {}
},
“enable_batch_request_support”: false,
“enable_ip_whitelisting”: false,
“allowed_ips”: [],
“dont_set_quota_on_create”: false,
“expire_analytics_after”: 0,
“response_processors”: [],
“CORS”: {
“enable”: false,
“allowed_origins”: [],
“allowed_methods”: [],
“allowed_headers”: [],
“exposed_headers”: [],
“allow_credentials”: false,
“max_age”: 24,
“options_passthrough”: false,
“debug”: false
},
“domain”: “”,
“do_not_track”: false,
“tags”: [],
“enable_context_vars”: false,
“config_data”: {},
“tag_headers”: [],
“global_rate_limit”: {
“rate”: 0,
“per”: 0
},
“strip_auth_data”: false
}

Does one oidc client can only register one api?