Generate access token with cleint_credentials access type

Hello I post this in stackoverflow yesterday about generating access token with client_credentials grant type using tyk gateway. oauth - Tyk Ouath2 flow client_credentials ERROR: Couldn't use policy or key rules to create token, failing - Stack Overflow

any idea to resolve this please

While you created a policy, I do not see that you set it anywhere.

In your case, you should additionally pass “policyid” attribute when creating oAuth client.

Let me know if it works.

1 Like

Sorry same problem even with adding policy_id when creating oauth_client this my curl:

curl -X POST \
  http://localhost:8082/tyk/oauth/clients/create \
  -H 'content-type: application/json' \
  -H 'x-tyk-authorization: 352d20ee67be67f6341b4c0605b044b8' \
  -d '{
"api_id": "openApi",
 "redirect_uri": "",
 "policy_id" : "default"

the response:
“client_id”: “14b2ac609a35405169ee3804db1ab406”,
“redirect_uri”: “”,
“api_id”: “”,
“policy_id”: “default”,
“secret”: “ZDI3N2JlNmYtMjc1MC00MzRhLTZhZWYtZWE2MmE3MWQ5Mjg5”

Can you share the log rom your gateway? The policy might not be loading.

time="Jan 10 08:45:54" level=info msg="Initiating reload" 
time="Jan 10 08:45:54" level=info msg="Reload URL Structure - Scheduled" 
time="Jan 10 08:46:04" level=info msg="Loading API Specification from /USR/newtprod/tyk/apps/app_api_oauth_v2_oauth2.json" 
time="Jan 10 08:46:04" level=info msg="Detected 1 APIs" 
time="Jan 10 08:46:04" level=info msg="Loading API configurations." 
time="Jan 10 08:46:04" level=info msg="--> Loading API: api_oauth_v2_oauth2" 
time="Jan 10 08:46:04" level=info msg="----> Tracking: (no host)" 
time="Jan 10 08:46:04" level=info msg="----> Checking security policy: OAuth" 
time="Jan 10 08:46:04" level=info msg="----> Setting Listen Path: /hub/v2/" 
time="Jan 10 08:46:04" level=info msg="Loading uptime tests..." 
time="Jan 10 08:46:04" level=info msg="Initialised API Definitions" 
time="Jan 10 08:46:04" level=info msg="API reload complete" 
time="Jan 10 08:59:24" level=info msg="Getting client ID:14b2ac609a35405169ee3804db1ab406" 
time="Jan 10 08:59:24" level=info msg="[OAuth] Generating new token" 
time="Jan 10 08:59:24" level=error msg="ERROR: Couldn't use policy or key rules to create token, failing"

Interesting, there should be policies listed in the output, it would look like this:

Policies found (%d total):"

Can you grep for any errors in the log that look like:

Couldn't open policy file


Couldn't unmarshal policies

Both will have a suffix that will inform the error.

1 Like

Thank you for helping me, now it works i wanna notify everyone that you need to restart the tyk service for any changes on policies.

I think a simple tyk reload is insufficient for loading policies on memory.

Another question how to modify the expires ttl of generated access token with client_credentials access type? which parameter should i add or modify on my policoes.json file ?


I believe these tokens take on the expiry set in the policy key_expires_in field

Thank you for help, I published a full tutorial describing the way to establish an Oauth2 application flow with Tyk:

1 Like