Error while calling /oauth/authorize/ endpoint

MrImport · January 19, 2016, 9:15pm

Imported Google Group message. Original thread at: Redirecting to Google Groups Import Date: 2016-01-19 21:15:26 +0000.
Sender:Pascal Combescot.
Date:Thursday, 11 June 2015 09:46:28 UTC+1.

Hi,

I am trying to set up oauth on a test API, and when I call the /oauth/authorize/ endpoint, I have the following error :
{“status”:“error”,“error”:“The authorization server encountered an unexpected condition that prevented it from fulfilling the request.”}

I don’t get if Tyk does not find the client_id parameter or Tyk does not find this client ID for the API

I have successfully created a new client :

$ curl -H “X-Tyk-Authorization: 352d20ee67be67f6341b4c0605b044b7” --data ‘{“api_id”: “2”, “redirect_uri”: “http://posttestserver.com/post.php?dir=client_api”}’ http://localhost:8080/tyk/oauth/clients/create
{“client_id”:“e9fc0287486f4bf460adc2d078eb9aee”,“secret”:“YTZjYTk3ODQtYjZhOC00MjY5LTQ4MTYtMTA0N2UxOTNjNTdh”,“redirect_uri”:“http://posttestserver.com/post.php?dir=client_api”}

I can see it in the list of oauth clients

$ curl -H “X-Tyk-Authorization: 352d20ee67be67f6341b4c0605b044b7” http://localhost:8080/tyk/oauth/clients/2/
[{“client_id”:“e9fc0287486f4bf460adc2d078eb9aee”,“secret”:“YTZjYTk3ODQtYjZhOC00MjY5LTQ4MTYtMTA0N2UxOTNjNTdh”,“redirect_uri”:“http://posttestserver.com/post.php?dir=client_api”}]

But when I am trying to POST on the /oauth/authorize/ endpoint I get the following error :

$ curl -d “response_type=code&client_id=e9fc0287486f4bf460adc2d078eb9aee&redirect_uri=http%3A%2F%2Fposttestserver.com%2Fpost.php%3Fdir%3Dclient_api” http://localhost:8080/APPID/oauth/authorize/
{“status”:“error”,“error”:“The authorization server encountered an unexpected condition that prevented it from fulfilling the request.”}

Same problem when I try to call the /tyk/oauth/authorize-client/ endpoint

In the logs I have the following message :

time=“2015-06-11T10:05:11+02:00” level=error msg=“Failure retreiving client ID key”
time=“2015-06-11T10:05:11+02:00” level=error msg=“Key not found”
ERROR: Key not found
time=“2015-06-11T10:05:11+02:00” level=error msg=“There was an error with the request”
time=“2015-06-11T10:05:11+02:00” level=error msg=“&{0 403 The authorization server encountered an unexpected condition that prevented it from fulfilling the request. 403 map[error:server_error error_description:The authorization server encountered an unexpected condition that prevented it from fulfilling the request.] map[Cache-Control:[no-store]] true Key not found false {0xc2087acb60 0xc2085c9da0}}”

Here is my app_oauth2.json :
{
“name”: “OAuth Test API”,
“api_id”: “2”,
“org_id”: “”,
…
“use_oauth2”: true,
“oauth_meta”: {
“allowed_access_types”: [
“authorization_code”,
“refresh_token”
],
“allowed_authorize_types”: [
“code”,
“token”
],
“auth_login_redirect”: “http://posttestserver.com/post.php?dir=gateway_authorization”
},
“notifications”: {
“shared_secret”: “9878767657654343123434556564444”,
“oauth_on_keychange_url”: “http://posttestserver.com/post.php?dir=oauth_notifications”
},
“proxy”: {
“listen_path”: “/APPID/”,
“target_url”: “http://lonelycode.com”,
“strip_listen_path”: false
},
…
}

Thanks in advance

Pascal

MrImport · January 19, 2016, 9:15pm

Imported Google Group message.
Sender:Martin Buhr.
Date:Thursday, 11 June 2015 16:18:59 UTC+1.

Ah, Tyk 1.5 and the older dashboard might have had a bug in the client ID handling code. Very embarassing.

I’d try upgrading to 1.6 and then re-create, if it still doesn’t work, I’ll dive into the code to see if it’s (another) bug

Thanks,
Martin

MrImport · January 19, 2016, 9:15pm

Imported Google Group message.
Sender:Pascal Combescot.
Date:Thursday, 11 June 2015 11:14:31 UTC+1.

Hi,

I notice the curl command uses APPID instead of ‘2’ as defined in the definition file. Just want to make sure that’s not a typo

Also, what version are you running?

Thanks,
Martin

MrImport · January 19, 2016, 9:15pm

Imported Google Group message.
Sender:Martin Buhr.
Date:Thursday, 11 June 2015 11:25:59 UTC+1.

Hi,

Disregard the APPID stuff - didn’t read the confit properly.

Can you try while also using an org_id for your API, Tyk uses this for key space segmentation.

You will need to recreate your clients though.

Thanks,
Martin

MrImport · January 19, 2016, 9:15pm

Imported Google Group message.
Sender:Martin Buhr.
Date:Thursday, 11 June 2015 15:56:12 UTC+1.

Hi,

I hava added an org_id and I still have the same problem

{
“name”: “OAuth Test API”,
“api_id”: “2”,
“org_id”: “1”,

MrImport · January 19, 2016, 9:15pm

Imported Google Group message.
Sender:Pascal Combescot.
Date:Thursday, 11 June 2015 15:56:54 UTC+1.

I’m running tyk 1.5

Thanks for your quick reply though

MrImport · January 19, 2016, 9:15pm

Imported Google Group message.
Sender:Pascal Combescot.
Date:Thursday, 11 June 2015 16:18:59 UTC+1.

Ah, Tyk 1.5 and the older dashboard might have had a bug in the client ID handling code. Very embarassing.

I’d try upgrading to 1.6 and then re-create, if it still doesn’t work, I’ll dive into the code to see if it’s (another) bug

Thanks,
Martin

MrImport · January 19, 2016, 9:15pm

Imported Google Group message.
Sender:Martin Buhr.
Date:Thursday, 11 June 2015 16:21:19 UTC+1.

It works with tyk 1.6 …

Sorry for the inconvenience