Hello, I posted this on Stack Overflow yesterday about generating an access token with the client_credentials grant type using the Tyk gateway: oauth - Tyk Ouath2 flow client_credentials ERROR: Couldn't use policy or key rules to create token, failing - Stack Overflow
Any idea how to resolve this, please?
Thanks
leon
January 9, 2018, 3:53pm
2
While you created a policy, I do not see that you set it anywhere.
In your case, you should additionally pass “policyid” attribute when creating oAuth client.
Let me know if it works.
1 Like
Sorry, same problem even after adding policy_id when creating the OAuth client. This is my curl:
curl -X POST \
http://localhost:8082/tyk/oauth/clients/create \
-H 'content-type: application/json' \
-H 'x-tyk-authorization: 352d20ee67be67f6341b4c0605b044b8' \
-d '{
"api_id": "openApi",
"redirect_uri": "http://www.sdfsfsf.fr",
"policy_id" : "default"
}'
the response:
{
"client_id": "14b2ac609a35405169ee3804db1ab406",
"redirect_uri": "http://www.sdfsfsf.fr",
"api_id": "",
"policy_id": "default",
"secret": "ZDI3N2JlNmYtMjc1MC00MzRhLTZhZWYtZWE2MmE3MWQ5Mjg5"
}
Martin
January 10, 2018, 12:05am
4
Can you share the log from your gateway? The policy might not be loading.
time="Jan 10 08:45:54" level=info msg="Initiating reload"
time="Jan 10 08:45:54" level=info msg="Reload URL Structure - Scheduled"
time="Jan 10 08:46:04" level=info msg="Loading API Specification from /USR/newtprod/tyk/apps/app_api_oauth_v2_oauth2.json"
time="Jan 10 08:46:04" level=info msg="Detected 1 APIs"
time="Jan 10 08:46:04" level=info msg="Loading API configurations."
time="Jan 10 08:46:04" level=info msg="--> Loading API: api_oauth_v2_oauth2"
time="Jan 10 08:46:04" level=info msg="----> Tracking: (no host)"
time="Jan 10 08:46:04" level=info msg="----> Checking security policy: OAuth"
time="Jan 10 08:46:04" level=info msg="----> Setting Listen Path: /hub/v2/"
time="Jan 10 08:46:04" level=info msg="Loading uptime tests..."
time="Jan 10 08:46:04" level=info msg="Initialised API Definitions"
time="Jan 10 08:46:04" level=info msg="API reload complete"
time="Jan 10 08:59:24" level=info msg="Getting client ID:14b2ac609a35405169ee3804db1ab406"
time="Jan 10 08:59:24" level=info msg="[OAuth] Generating new token"
time="Jan 10 08:59:24" level=error msg="ERROR: Couldn't use policy or key rules to create token, failing"
Martin
January 11, 2018, 12:14am
6
Interesting, there should be policies listed in the output, it would look like this:
Policies found (%d total):
Can you grep for any errors in the log that look like:
Couldn't open policy file
Or:
Couldn't unmarshal policies
Both will have a suffix that will inform the error.
1 Like
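The log check described in the post above, as an added example that is not part of the original thread or Tyk's own code. It assumes the log line format shown in this thread; the function name `triage` and the finding tags are hypothetical, and the sample log is partly constructed.

```python
import re

# Log line shape as printed in this thread:
# time="Jan 10 08:46:04" level=info msg="..."
LINE_RE = re.compile(r'time="(?P<time>[^"]*)"\s+level=(?P<level>\w+)\s+msg="(?P<msg>.*)"\s*$')

# Message fragments quoted in the thread.
POLICIES_FOUND = re.compile(r"Policies found \((\d+) total\)")
LOAD_ERRORS = ("Couldn't open policy file", "Couldn't unmarshal policies")
TOKEN_ERROR = "Couldn't use policy or key rules to create token"


def triage(log_text):
    """Return (time, tag, msg) findings about policy loading in a gateway log."""
    policies = None  # count from the latest "Policies found" line, if any was seen
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a gateway log line
        when, msg = m["time"], m["msg"]
        found = POLICIES_FOUND.search(msg)
        if found:
            policies = int(found.group(1))
        elif any(err in msg for err in LOAD_ERRORS):
            findings.append((when, "policy-load-error", msg))
        elif TOKEN_ERROR in msg:
            # Token creation failed: was any policy reported as loaded before it?
            tag = "policies-loaded" if policies else "no-policies"
            findings.append((when, tag, msg))
    return findings


# Sample input: the last three lines are copied from the log in this thread;
# the first line is constructed, including its error suffix.
SAMPLE = '''\
time="Jan 10 08:45:50" level=error msg="Couldn't open policy file: (constructed suffix)"
time="Jan 10 08:46:04" level=info msg="API reload complete"
time="Jan 10 08:59:24" level=info msg="[OAuth] Generating new token"
time="Jan 10 08:59:24" level=error msg="ERROR: Couldn't use policy or key rules to create token, failing"
'''

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A `no-policies` finding means the log passed in shows no `Policies found` line (or a count of zero) before the token error; `policies-loaded` means the cause is elsewhere, such as the `policy_id` on the OAuth client.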
Thank you for helping me, now it works. I want to notify everyone that you need to restart the Tyk service for any changes to policies.
I think a simple Tyk reload is insufficient for loading policies into memory.
Another question: how do I modify the expiry TTL of the generated access token with the client_credentials access type? Which parameter should I add or modify in my policies.json file?
Thanks
Martin
January 30, 2018, 5:01am
8
I believe these tokens take on the expiry set in the policy key_expires_in field.
Thank you for the help. I published a full tutorial describing how to establish an OAuth2 application flow with Tyk:
1 Like