Appear "Bearer token malformed" error for OAuth 2

lms008 · September 3, 2018, 6:21am

I 'm try get Access token using the follow:

curl -X POST http://10.4.2.98:8080/testapi10/oauth/token/ -H ‘Authorization: Basic YWRtaW5AZGVmYXVsdC5jb206ZXhjZWwxMjM=’ -H ‘Content-type: application/x-www-form-urlencoded’ -d ‘client_id=e7ae40b893924ac29aca22f1fcb39871&client_secret=OWNkMmY5Y2YtNDQ1My00Mjg3LWI0YWQtYWRlZGQxNzQ4MjRj&grant_type=client_credentials’
based in doc https://tyk.io/docs/tyk-api-gateway-v-2-0/access-control/oauth-2-0/

but , get the error message:
{
“error”: “Bearer token malformed”
}

check the Gateway log as follow:
tyk: time=“Sep 3 14:02:18” level=info msg=“Loading uptime tests…”
tyk: time=“Sep 3 14:02:18” level=info msg=“Initialised API Definitions”
tyk: time=“Sep 3 14:02:18” level=info msg=“API reload complete”
tyk: time=“Sep 3 14:02:18” level=info msg=“reload: complete”
tyk: time=“Sep 3 14:02:18” level=info msg=“Initiating coprocess reload”
tyk: time=“Sep 3 14:02:28” level=error msg=“Error trying to get filtered client keys: ERR wrong number of arguments for ‘mget’ command”
tyk: time=“Sep 3 14:02:28” level=info msg=“Retrieved OAuth client list” apiID=2732ae415c3944a554fa5daa19b10805 status=ok
tyk: time=“Sep 3 14:08:02” level=info msg=“Created OAuth client” apiID=2732ae415c3944a554fa5daa19b10805 clientID=e7ae40b893924ac29aca22f1fcb39871 clientRedirectURI=“http://client.oauth.com” policyID=5b88c1d8e138230c54c37e98 status=ok
tyk: time=“Sep 3 14:08:02” level=info msg=“Retrieved OAuth client list” apiID=2732ae415c3944a554fa5daa19b10805 status=ok
tyk: time=“Sep 3 14:08:07” level=info msg=“Retrieved OAuth client ID” apiID=2732ae415c3944a554fa5daa19b10805 client=e7ae40b893924ac29aca22f1fcb39871 status=ok
tyk: time=“Sep 3 14:08:07” level=info msg=“Retrieved OAuth client ID” apiID=2732ae415c3944a554fa5daa19b10805 client=e7ae40b893924ac29aca22f1fcb39871 status=ok
systemd: Started Session 41 of user root.
systemd: Starting Session 41 of user root.
tyk: time=“Sep 3 14:10:08” level=info msg=“Bearer token malformed” origin=10.4.2.98 path=“/testapi10/oauth/token/”
tyk-pump: time=“Sep 3 14:10:16” level=info msg=“Writing 1 records”
tyk-pump: time=“Sep 3 14:10:16” level=info msg=“Purging 1 records”

I added the OAuth client , policy as mentioned in the mentioned doc.

Please let me know if i’m missing something here.

Thanks
MeiSheng

lms008 · September 3, 2018, 6:22am

API Definition as follow:
{
“api_model”: {},
“api_definition”: {
“api_id”: “2732ae415c3944a554fa5daa19b10805”,
“upstream_certificates”: {},
“use_keyless”: false,
“enable_coprocess_auth”: false,
“jwt_disable_issued_at_validation”: false,
“custom_middleware”: {
“pre”: [],
“post”: [],
“post_key_auth”: [],
“auth_check”: {
“name”: “”,
“path”: “”,
“require_session”: false
},
“response”: [],
“driver”: “”,
“id_extractor”: {
“extract_from”: “”,
“extract_with”: “”,
“extractor_config”: {}
}
},
“disable_quota”: false,
“custom_middleware_bundle”: “”,
“cache_options”: {
“cache_timeout”: 60,
“enable_cache”: true,
“cache_all_safe_requests”: false,
“cache_response_codes”: [],
“enable_upstream_cache_control”: false,
“cache_control_ttl_header”: “”
},
“enable_ip_blacklisting”: false,
“tag_headers”: [],
“pinned_public_keys”: {},
“expire_analytics_after”: 0,
“domain”: “”,
“openid_options”: {
“providers”: [],
“segregate_by_client”: false
},
“active”: true,
“config_data”: {},
“notifications”: {
“shared_secret”: “352d20ee67be67f6340b4c0605b044b7”,
“oauth_on_keychange_url”: “http://10.4.2.98:3000/oauth//tyknotify”
},
“auth”: {
“auth_header_name”: “Authorization”,
“use_certificate”: false
},
“check_host_against_uptime_tests”: false,
“auth_provider”: {
“name”: “”,
“storage_engine”: “”,
“meta”: {}
},
“blacklisted_ips”: [],
“hmac_allowed_clock_skew”: -1,
“dont_set_quota_on_create”: false,
“uptime_tests”: {
“check_list”: [],
“config”: {
“expire_utime_after”: 0,
“service_discovery”: {
“use_discovery_service”: false,
“query_endpoint”: “”,
“use_nested_query”: false,
“parent_data_path”: “”,
“data_path”: “”,
“cache_timeout”: 60
},
“recheck_wait”: 0
}
},
“enable_jwt”: false,
“do_not_track”: false,
“name”: “TestApi10”,
“jwt_disable_expires_at_validation”: false,
“slug”: “testapi10”,
“oauth_meta”: {
“allowed_access_types”: [
“authorization_code”,
“refresh_token”,
“password”,
“client_credentials”
],
“allowed_authorize_types”: [
“token”,
“code”
],
“auth_login_redirect”: “http://10.4.2.98:3000/oauth/login”
},
“CORS”: {
“enable”: false,
“max_age”: 24,
“allow_credentials”: true,
“exposed_headers”: [],
“allowed_headers”: [],
“options_passthrough”: true,
“debug”: false,
“allowed_origins”: [
“*”
],
“allowed_methods”: [
“GET”,
“POST”
]
},
“event_handlers”: {
“events”: {}
},
“proxy”: {
“target_url”: “https://httpbin.org/get”,
“endpoint_returns_list”: false,
“cache_timeout”: 0,
“parent_data_path”: “”,
“service_discovery”: {
“endpoint_returns_list”: false,
“cache_timeout”: 0,
“parent_data_path”: “”,
“query_endpoint”: “”,
“use_discovery_service”: false,
“target_path”: “”,
“use_target_list”: false,
“use_nested_query”: false,
“data_path”: “”,
“port_data_path”: “”
},
“check_host_against_uptime_tests”: false,
“transport”: {
“ssl_ciphers”: [],
“ssl_min_version”: 0,
“proxy_url”: “”
},
“target_list”: [],
“query_endpoint”: “”,
“use_discovery_service”: false,
“_sd_show_port_path”: false,
“preserve_host_header”: false,
“use_target_list”: false,
“strip_listen_path”: true,
“use_nested_query”: false,
“data_path”: “”,
“port_data_path”: “”,
“enable_load_balancing”: false,
“listen_path”: “/testapi10”
},
“client_certificates”: [],
“use_basic_auth”: false,
“version_data”: {
“not_versioned”: true,
“default_version”: “”,
“versions”: {
“Default”: {
“name”: “Default”,
“expires”: “”,
“paths”: {
“ignored”: [],
“white_list”: [],
“black_list”: []
},
“use_extended_paths”: true,
“extended_paths”: {
“ignored”: [],
“white_list”: [],
“black_list”: [],
“transform”: [],
“transform_response”: [],
“transform_jq”: [],
“transform_jq_response”: [],
“transform_headers”: [],
“transform_response_headers”: [],
“hard_timeouts”: [],
“circuit_breakers”: [],
“url_rewrites”: [],
“virtual”: [],
“size_limits”: [],
“method_transforms”: [],
“track_endpoints”: [],
“do_not_track_endpoints”: [],
“validate_json”: []
},
“global_headers”: {},
“global_headers_remove”: [],
“global_size_limit”: 0,
“override_target”: “”
}
}
},
“use_standard_auth”: false,
“session_lifetime”: 0,
“disable_rate_limit”: false,
“definition”: {
“location”: “header”,
“key”: “x-api-version”,
“strip_path”: false
},
“use_oauth2”: true,
“allowed_ips”: [],
“org_id”: “5b6a9a6ae138230df675f3c0”,
“enable_ip_whitelisting”: false,
“global_rate_limit”: {
“rate”: 1000,
“per”: 200
},
“enable_context_vars”: false,
“tags”: [],
“session_provider”: {
“name”: “”,
“storage_engine”: “”,
“meta”: {}
},
“strip_auth_data”: false,
“id”: “5b8cce2ee1382310a627c08a”,
“enable_signature_checking”: false,
“use_openid”: false,
“enable_batch_request_support”: false,
“jwt_disable_not_before_validation”: false,
“response_processors”: [],
“use_mutual_tls_auth”: false
},
“hook_references”: [],
“is_site”: false,
“sort_by”: 0
}

Josh · September 3, 2018, 8:16am

Hi
your auth header needs to start bearer not Basic

lms008 · September 3, 2018, 8:41am

hi ,Josh.
After change the Basic to bearer, detail as follow:
curl -X POST http://10.4.2.98:8080/testapi10/oauth/token/ - ‘Authorization: bearer YWRtaW5AZGVmYXVsdC5jb206ZXhjZWwxMjM=’ -H ‘Content-type: application/x-www-form-urlencoded’ -d ‘client_id=d8db527d1e764775bf034cfff6c63e21&client_secret=NWNmZjZmNjgtODgxNy00MTg0LTkzNjgtODQ4MWY4ZWFjMzUw&grant_type=client_credentials’
{
“error”: “Key not authorised”
}

Gateway log as follow:
localhost tyk: time=“Sep 3 16:29:46” level=warning msg=“Key not found in storage engine” err=“key not found” inbound-key=“****MjM=”
localhost tyk: time=“Sep 3 16:29:46” level=info msg=“Attempted access with non-existent key.” key=“” origin=10.4.2.98 path=“/testapi10/oauth/token/”
localhost tyk-pump: time=“Sep 3 16:29:46” level=info msg=“Writing 1 records”
localhost tyk-pump: time=“Sep 3 16:29:46” level=info msg=“Purging 1 records”

Also get Access token fail.