Getting "Bearer token malformed" for oauth2

Hi,

I’m trying to generate the bearer token using the following,

curl -X POST \
  http://127.0.0.1:8888/hello-api/oauth/token/ \
  -H 'authorization: Basic b64(dba84a17ad54422c7e5dfbe3d8a5bcbc:ZGMxNzdjN2UtOTNlOC00MGIzLTU2Y2MtOWMzODk0YTNmYjA1)' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d 'grant_type=password&client_id=dba84a17ad54422c7e5dfbe3d8a5bcbc&[email protected]&password=ad123412'

as provided in https://docs.google.com/document/d/17Eon4K1QQ6-2xl0BXft2k8WYsL7KJkS2duCYje88WVA/pub

but, I’m getting the following error,

{
  "error": "Bearer token malformed"
}

I added the client and policy as mentioned in the doc.

Please let me know if I’m missing something here.

Thanks,
Abhishek

Take a look at this document which goes through most of the oauth flows with examples

Hi Martin,

Yes I followed the same document only.

And I’m trying for grant_type=password

Thanks,
Abhishek

Hi Martin,

Do I need to enable something in the Tyk config?

Thanks,
Abhishek

Why is there b64() in there? Are you sending that as part of the curl request??

You’re meant to base64 encode the username:password - it’s the spec… if that’s what you are sending then it’s no wonder it’s not working…

Hi Martin,

Thanks for identifying the mistake. I’ve encoded the string (2443d99812b844e5797d23b682b6a3a5:ZmIzZWViZWYtZGEzNy00N2FiLTUxNTctY2U0MjU2MDZlODQ1) in base64 and then used that in the curl

but even after changing I’m getting the same error for both password and client_credentials grant,

curl -X POST \
  http://127.0.0.1:8888/hello-api/oauth/token/ \
  -H 'authorization: Basic MjQ0M2Q5OTgxMmI4NDRlNTc5N2QyM2I2ODJiNmEzYTU6Wm1JelpXVmlaV1l0WkdFek55MDBOMkZpTFRVeE5UY3RZMlUwTWpVMk1EWmxPRFEx' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d 'grant_type=client_credentials&client_id=2443d99812b844e5797d23b682b6a3a5&client_secret=ZmIzZWViZWYtZGEzNy00N2FiLTUxNTctY2U0MjU2MDZlODQ1'

curl -X POST \
  http://127.0.0.1:8888/hello-api/oauth/token/ \
  -H 'authorization: Basic MjQ0M2Q5OTgxMmI4NDRlNTc5N2QyM2I2ODJiNmEzYTU6Wm1JelpXVmlaV1l0WkdFek55MDBOMkZpTFRVeE5UY3RZMlUwTWpVMk1EWmxPRFEx' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d 'grant_type=password&client_id=2443d99812b844e5797d23b682b6a3a5&[email protected]&password=ad123412'

Thanks,
Abhishek

Ok, so for one, the password grant requires you create a basic auth user, not just encode the client ID and secret.

So I’d suggest to just try and debug the client credentials call because the one for password is completely wrong and you missed a step in the doc for that type (where it says “create a user”)

One thing that is incorrect in the doc is that the Client must have a redirect URL even if it isn’t used.

Does your client have a redirect URL set?

Hi Martin,

Yes for password, I created a basic auth user as mentioned in the doc and I’m passing them in the curl request also,

curl -X POST \
  http://127.0.0.1:8888/hello-api/oauth/token/ \
  -H 'authorization: Basic MjQ0M2Q5OTgxMmI4NDRlNTc5N2QyM2I2ODJiNmEzYTU6Wm1JelpXVmlaV1l0WkdFek55MDBOMkZpTFRVeE5UY3RZMlUwTWpVMk1EWmxPRFEx' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d 'grant_type=password&client_id=2443d99812b844e5797d23b682b6a3a5&[email protected]&password=ad123412'

and also while creating the client I entered the redirect URL as an arbitrary one, “http://example.com”

Ok… still, it is easier to debug one problem than two.

This is not the port of the docker quickstart, the docker quickstart uses port 8080. Have you modified it?

Yes, I modified it before installing.

Right, did you modify the tyk.conf and the tyk_analytics.conf to reflect those changes?

If so - all good, otherwise the gateway will not pick up changes properly.

I tried your curl command, but what you’ve put into the editor here has line breaks in really odd places. I tried this on our cloud (with a new user, client and API), and the command worked fine.

When you use the curl command, are you getting rid of all the newlines? i.e.:

curl -X POST http://GATEWAY/oauth-password/oauth/token/ -H 'authorization: Basic ENCODEDCLIENTANDSECRET' -H 'content-type: application/x-www-form-urlencoded' -d 'grant_type=password&client_id=CLIENTID&username=USERNAME&password=PASSWORD'
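The two points Martin raises above (the credential after `Basic` must be the base64 of the literal `client_id:client_secret`, and the curl command must be one line with plain ASCII quotes) can be checked mechanically. The following is an added example, not a command from the thread or Tyk's own tooling: it builds the credential, rejects the `b64(...)` form and other malformed headers the way a token endpoint would before looking the client up, and renders the single-line curl command with `shlex.quote`. The gateway URL, listen path and client credentials are the ones posted in the thread; the username and password are constructed placeholders.

```python
import base64
import binascii
import shlex
from typing import Dict, Tuple
from urllib.parse import urlencode

# Values posted in the thread (gateway, listen path, client id and secret);
# the user credentials are constructed placeholders for this example.
GATEWAY = "http://127.0.0.1:8888"
LISTEN_PATH = "/hello-api/"
CLIENT_ID = "2443d99812b844e5797d23b682b6a3a5"
CLIENT_SECRET = "ZmIzZWViZWYtZGEzNy00N2FiLTUxNTctY2U0MjU2MDZlODQ1"
USERNAME = "user@example.com"
PASSWORD = "placeholder-password"


def basic_credential(client_id: str, client_secret: str) -> str:
    """RFC 6749 section 2.3.1 / RFC 7617: the credential that follows 'Basic '
    is the base64 of the literal string 'client_id:client_secret'.
    Writing b64(...) in the header sends those characters verbatim."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def inspect_authorization(header: str) -> Tuple[bool, str]:
    """Check an Authorization header the way a token endpoint does before it
    looks up the client, and say why it would be rejected."""
    scheme, _, credential = header.strip().partition(" ")
    if scheme != "Basic" or not credential:
        return False, "expected 'Basic <credential>'"
    if credential.startswith("b64("):
        return False, "literal 'b64(...)' sent instead of the encoded value"
    try:
        # validate=True rejects characters outside the base64 alphabet
        decoded = base64.b64decode(credential, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return False, "credential is not valid base64"
    if ":" not in decoded:
        return False, "decoded credential is not 'client_id:client_secret'"
    client_id, _, _ = decoded.partition(":")
    return True, f"client_id={client_id}"


def token_request_command(grant_type: str, form: Dict[str, str]) -> str:
    """Render the curl invocation as one line with ASCII single quotes, the
    form Martin asked for; pasted curly quotes and stray newlines both break it."""
    body = urlencode({"grant_type": grant_type, **form})
    parts = [
        "curl", "-X", "POST", f"{GATEWAY}{LISTEN_PATH}oauth/token/",
        "-H", f"authorization: Basic {basic_credential(CLIENT_ID, CLIENT_SECRET)}",
        "-H", "content-type: application/x-www-form-urlencoded",
        "-d", body,
    ]
    return " ".join(shlex.quote(p) for p in parts)


if __name__ == "__main__":
    print(token_request_command("client_credentials",
                                {"client_id": CLIENT_ID, "client_secret": CLIENT_SECRET}))
    print(token_request_command("password",
                                {"client_id": CLIENT_ID, "username": USERNAME, "password": PASSWORD}))
    for hdr in ("Basic b64(id:secret)",
                "Basic " + basic_credential(CLIENT_ID, CLIENT_SECRET)):
        print(inspect_authorization(hdr))
```

Running it prints both grant variants ready to paste; the credential it produces for the thread's client id and secret is exactly the `MjQ0M2Q5...` value Abhishek posted, which is a useful way to confirm that the header itself was not the remaining problem.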

Hi Martin,

Yes, I changed it in both places, tyk.conf and tyk_analytics.conf, before installing.

Now I tried with the following, but no luck :unamused:

curl -X POST http://127.0.0.1:8888/hello-api/oauth/token/ -H 'authorization: Basic MjQ0M2Q5OTgxMmI4NDRlNTc5N2QyM2I2ODJiNmEzYTU6Wm1JelpXVmlaV1l0WkdFek55MDBOMkZpTFRVeE5UY3RZMlUwTWpVMk1EWmxPRFEx' -H 'content-type: application/x-www-form-urlencoded' -d 'grant_type=client_credentials&client_id=2443d99812b844e5797d23b682b6a3a5&client_secret=ZmIzZWViZWYtZGEzNy00N2FiLTUxNTctY2U0MjU2MDZlODQ1'

Now I’m only using grant_type=client_credentials.

Thanks,
Abhishek

Hi Martin,

Surprisingly, now I’ve created a new API with OAuth2 password only.

Now I’m getting the following issue,

curl -X POST http://127.0.0.1:8888/oauth2-api/oauth/token/ -H 'authorization: Basic Y2RjMTJjMzQ1ZDZhNDY2ZDczYzEyYmZkMmU1MDNhN2M6TkRRME9XRXpZakF0WXpJMk5pMDBOV0U1TFRkak5XVXRaV1ptWVRSbVpXVTNaakV6' -H 'content-type: application/x-www-form-urlencoded' -d 'grant_type=password&client_id=cdc12c345d6a466d73c12bfd2e503a7c&[email protected]&password=ad123412'

response :: 404 page not found

Not sure why I’m getting that

Your gateway is not talking to the dashboard - can you share your gateway logs?

Hello, Martin. When I follow the doc OAuth and Tyk [EXT - DRAFT] - Google Docs to get an access token for OAuth2, the same error appears:
[root@localhost ~]# curl -X POST http://10.4.2.98:8080/testapi10/oauth/token/ -H 'authorization: Basic YmI5NDJmZTg3NjhmNDNiYzk1NTNjOTMxZjYzYjJmNTI6WVdFeU16SXpPRFV0TW1Zek15MDBNekk1TFdGak5UTXRZamMwTmpWa1lXRXdNR1Jp' -H 'content-type: application/x-www-form-urlencoded' -d 'grant_type=client_credentials&client_id=bb942fe8768f43bc9553c931f63b2f52&client_secret=YWEyMzIzODUtMmYzMy00MzI5LWFjNTMtYjc0NjVkYWEwMGRi'
{
  "error": "Bearer token malformed"
}

The gateway log is as follows:
systemd: Started Tyk API Gateway.
systemd: Starting Tyk API Gateway...
tyk: time="Sep 4 15:07:24" level=info msg="Setting up analytics normaliser"
tyk: time="Sep 4 15:07:24" level=info msg="PIDFile location set to: ./tyk-gateway.pid"
tyk: time="Sep 4 15:07:24" level=info msg="Initialising Tyk REST API Endpoints"
tyk: time="Sep 4 15:07:24" level=warning msg="File descriptor limit 1024 too low for production use. Min 80000 recommended.\n\tThis could have a significant negative impact on performance.\n\tPlease refer to //tyk.io/docs/planning-for-production/ for further guidance."
tyk: time="Sep 4 15:07:24" level=info msg="Redis connection pools are ready after number of retires" currRetry=0
tyk: time="Sep 4 15:07:24" level=info msg="Redis connection pools are ready"
tyk: time="Sep 4 15:07:24" level=info msg="--> Standard listener (http)" port=":8080"
tyk: time="Sep 4 15:07:24" level=info msg="Setting up Server"
tyk: time="Sep 4 15:07:24" level=info msg="Waiting for zeroconf signal..."
tyk: time="Sep 4 15:07:24" level=info msg="Starting Poller"
tyk: time="Sep 4 15:07:26" level=warning msg="Insecure configuration detected (allowing)!"
tyk: time="Sep 4 15:07:26" level=info msg="Hostname set with dashboard zeroconf signal"
tyk: time="Sep 4 15:07:26" level=info msg="Registering node."
tyk: time="Sep 4 15:07:26" level=info msg="Node registered" id=cead9e69-1d86-47aa-68c1-24e6cdb69146
tyk: time="Sep 4 15:07:26" level=info msg="Gateway started (v2.7.0)"
tyk: time="Sep 4 15:07:26" level=info msg="Initialising distributed rate limiter"
tyk: time="Sep 4 15:07:26" level=info msg="--> Listening on address: (open interface)"
tyk: time="Sep 4 15:07:26" level=info msg="--> Listening on port: 8080"
tyk: time="Sep 4 15:07:26" level=info msg="--> PID: 28902"
tyk: time="Sep 4 15:07:26" level=info msg="Starting gateway rate limiter notifications..."
tyk: time="Sep 4 15:07:26" level=info msg="Loading policies"
tyk: time="Sep 4 15:07:26" level=info msg="Policies found (1 total):"
tyk: time="Sep 4 15:07:26" level=info msg=" - default"
tyk: time="Sep 4 15:07:27" level=error msg="Could not parse expiry date for API" Expires="01/02/3000" error="parsing time \"01/02/3000\" as \"2006-01-02 15:04\": cannot parse \"2/3000\" as \"2006\""
tyk: time="Sep 4 15:07:27" level=info msg="Detected 13 APIs"
tyk: time="Sep 4 15:07:27" level=info msg="Preparing new router"
tyk: time="Sep 4 15:07:27" level=info msg="Initialising Tyk REST API Endpoints"
tyk: time="Sep 4 15:07:27" level=info msg="Loading API configurations."
tyk: time="Sep 4 15:07:27" level=info msg="Tracking hostname" api_name=TestTykAPI2 domain="127.0.0.1:8080"
tyk: time="Sep 4 15:07:27" level=info msg="Tracking hostname" api_name=TestApi3 domain="(no host)"
tyk: time="Sep 4 15:07:27" level=info msg="Tracking hostname" api_name=TestApi113 domain="(no host)"
tyk: time="Sep 4 15:07:27" level=info msg="Tracking hostname" api_name=TestApi4 domain="(no host)"
tyk: time="Sep 4 15:07:27" level=info msg="Tracking hostname" api_name=TestApi12 domain="(no host)"
tyk: time="Sep 4 15:07:27" level=info msg="Tracking hostname" api_name=TestApi11 domain="(no host)"
tyk: time="Sep 4 15:07:27" level=info msg="Tracking hostname" api_name=TestApi10 domain="(no host)"
tyk: time="Sep 4 15:07:27" level=info msg="Tracking hostname" api_name=TestApi1 domain=10.4.2.98
tyk: time="Sep 4 15:07:27" level=info msg="Tracking hostname" api_name=TestApi9 domain="(no host)"
tyk: time="Sep 4 15:07:27" level=info msg="Tracking hostname" api_name=TestApi8 domain="(no host)"
tyk: time="Sep 4 15:07:27" level=info msg="Tracking hostname" api_name=TestApi6 domain="(no host)"
tyk: time="Sep 4 15:07:27" level=info msg="Tracking hostname" api_name=TestApi5 domain="(no host)"
tyk: time="Sep 4 15:07:27" level=info msg="Tracking hostname" api_name=TestApi7 domain="(no host)"
tyk: time="Sep 4 15:07:27" level=info msg="Sub-router created for domain" domain="127.0.0.1:8080"
tyk: time="Sep 4 15:07:27" level=info msg="Sub-router created for domain" domain=10.4.2.98
tyk: time="Sep 4 15:07:27" level=info msg="Loading API" api_name=TestApi7
tyk: time="Sep 4 15:07:27" level=info msg="Loading API" api_name=TestTykAPI2
tyk: time="Sep 4 15:07:27" level=info msg="Loading API" api_name=TestApi3
tyk: time="Sep 4 15:07:27" level=info msg="Loading API" api_name=TestApi113
tyk: time="Sep 4 15:07:27" level=info msg="Loading API" api_name=TestApi12
tyk: time="Sep 4 15:07:27" level=info msg="Loading API" api_name=TestApi11
tyk: time="Sep 4 15:07:27" level=info msg="Loading API" api_name=TestApi10
tyk: time="Sep 4 15:07:27" level=info msg="Loading API" api_name=TestApi1
tyk: time="Sep 4 15:07:27" level=info msg="Loading API" api_name=TestApi9
tyk: time="Sep 4 15:07:27" level=info msg="Loading API" api_name=TestApi8
tyk: time="Sep 4 15:07:27" level=info msg="Loading API" api_name=TestApi6
tyk: time="Sep 4 15:07:27" level=info msg="Loading API" api_name=TestApi5
tyk: time="Sep 4 15:07:27" level=info msg="Loading API" api_name=TestApi4
tyk: time="Sep 4 15:07:27" level=info msg="Checking security policy: Token" api_name=TestApi7
tyk: time="Sep 4 15:07:27" level=info msg="Loaded: TestApi7" api_id=e362b1ed931e476b61b36e6d0ad2e139 org_id=5b6a9a6ae138230df675f3c0 server_name=-- user_id=-- user_ip=--
tyk: time="Sep 4 15:07:27" level=info msg="Checking security policy: Token" api_name=TestTykAPI2
tyk: time="Sep 4 15:07:27" level=info msg="Loaded: TestTykAPI2" api_id=ae4a395744ee490449adceeb8d77a681 org_id=5b6a9a6ae138230df675f3c0 server_name=-- user_id=-- user_ip=--
tyk: time="Sep 4 15:07:27" level=info msg="Checking security policy: Token" api_name=TestApi3
tyk: time="Sep 4 15:07:27" level=info msg="Loaded: TestApi3" api_id=3554fe37244c47c24e0a780e928cfda2 org_id=5b6a9a6ae138230df675f3c0 server_name=-- user_id=-- user_ip=--
tyk: time="Sep 4 15:07:27" level=info msg="Checking security policy: OAuth" api_name=TestApi113
tyk: time="Sep 4 15:07:27" level=info msg="Loaded: TestApi113" api_id=3974ba1a1af84104607c9807e0ad6376 org_id=5b6a9a6ae138230df675f3c0 server_name=-- user_id=-- user_ip=--
tyk: time="Sep 4 15:07:27" level=info msg="Checking security policy: Basic" api_name=TestApi12
tyk: time="Sep 4 15:07:27" level=info msg="Loaded: TestApi12" api_id=224e4395e7fd4daf5df26862069f9bee org_id=5b6a9a6ae138230df675f3c0 server_name=-- user_id=-- user_ip=--
tyk: time="Sep 4 15:07:27" level=info msg="Checking security policy: OAuth" api_name=TestApi11
tyk: time="Sep 4 15:07:27" level=info msg="Loaded: TestApi11" api_id=ec6c2037fa39470b42f2627858e7fac2 org_id=5b6a9a6ae138230df675f3c0 server_name=-- user_id=-- user_ip=--
tyk: time="Sep 4 15:07:27" level=info msg="Checking security policy: OAuth" api_name=TestApi10
tyk: time="Sep 4 15:07:27" level=info msg="Loaded: TestApi10" api_id=2732ae415c3944a554fa5daa19b10805 org_id=5b6a9a6ae138230df675f3c0 server_name=-- user_id=-- user_ip=--
tyk: time="Sep 4 15:07:27" level=info msg="Checking security policy: Token" api_name=TestApi1
tyk: time="Sep 4 15:07:27" level=info msg="Loaded: TestApi1" api_id=4864fb9e35bf43f679167da6341fc277 org_id=5b6a9a6ae138230df675f3c0 server_name=-- user_id=-- user_ip=--
tyk: time="Sep 4 15:07:27" level=info msg="Checking security policy: Token" api_name=TestApi9
tyk: time="Sep 4 15:07:27" level=info msg="Loaded: TestApi9" api_id=7b09737d8dac4c5b55afad5925940ba8 org_id=5b6a9a6ae138230df675f3c0 server_name=-- user_id=-- user_ip=--
tyk: time="Sep 4 15:07:27" level=info msg="Checking security policy: OAuth" api_name=TestApi8
tyk: time="Sep 4 15:07:27" level=info msg="Loaded: TestApi8" api_id=579ae1d917a4493c5118a8bc6562d2ea org_id=5b6a9a6ae138230df675f3c0 server_name=-- user_id=-- user_ip=--
tyk: time="Sep 4 15:07:27" level=info msg="Checking security policy: Token" api_name=TestApi6
tyk: time="Sep 4 15:07:27" level=info msg="Loaded: TestApi6" api_id=23e094299c824eb86081943b3eb1739e org_id=5b6a9a6ae138230df675f3c0 server_name=-- user_id=-- user_ip=--
tyk: time="Sep 4 15:07:27" level=info msg="Checking security policy: Token" api_name=TestApi5
tyk: time="Sep 4 15:07:27" level=info msg="Loaded: TestApi5" api_id=1157755ac903493f53b8d2fcb5ca11a9 org_id=5b6a9a6ae138230df675f3c0 server_name=-- user_id=-- user_ip=--
tyk: time="Sep 4 15:07:27" level=info msg="Checking security policy: Open" api_name=TestApi4
tyk: time="Sep 4 15:07:27" level=info msg="Loaded: TestApi4" api_id=c9338e8eceec4c057e137fae18e17f9a org_id=5b6a9a6ae138230df675f3c0 server_name=-- user_id=-- user_ip=--
tyk: time="Sep 4 15:07:27" level=info msg="Processed and listening on: /Test-Tyk-API2/{rest:.*}"
tyk: time="Sep 4 15:07:27" level=info msg="Processed and listening on: /testapi3/test{rest:.*}"
tyk: time="Sep 4 15:07:27" level=info msg="Processed and listening on: /testapi113{rest:.*}"
tyk: time="Sep 4 15:07:27" level=info msg="Processed and listening on: /testapi4/{rest:.*}"
tyk: time="Sep 4 15:07:27" level=info msg="Processed and listening on: /testapi12{rest:.*}"
tyk: time="Sep 4 15:07:27" level=info msg="Processed and listening on: /testapi11{rest:.*}"
tyk: time="Sep 4 15:07:27" level=info msg="Processed and listening on: /testapi10{rest:.*}"
tyk: time="Sep 4 15:07:27" level=info msg="Processed and listening on: /testapi1/{rest:.*}"
tyk: time="Sep 4 15:07:27" level=info msg="Processed and listening on: /testapi9{rest:.*}"
tyk: time="Sep 4 15:07:27" level=info msg="Processed and listening on: /testapi8{rest:.*}"
tyk: time="Sep 4 15:07:27" level=info msg="Processed and listening on: /testapi6{rest:.*}"
tyk: time="Sep 4 15:07:27" level=info msg="Processed and listening on: /testapi5{rest:.*}"
tyk: time="Sep 4 15:07:27" level=info msg="Processed and listening on: /testapi7{rest:.*}"
tyk: time="Sep 4 15:07:27" level=info msg="Loading uptime tests..."
tyk: time="Sep 4 15:07:27" level=info msg="Initialised API Definitions"
tyk: time="Sep 4 15:07:27" level=info msg="API reload complete"
tyk-analytics: time="Sep 4 15:07:29" level=info msg="Sending config request for node: cead9e69-1d86-47aa-68c1-24e6cdb69146-localhost.localdomain"
tyk-analytics: time="Sep 4 15:07:29" level=info msg="Got configuration for nodeID: cead9e69-1d86-47aa-68c1-24e6cdb69146|localhost.localdomain"
localhost tyk: time="Sep 4 15:09:53" level=info msg="Bearer token malformed" origin=10.4.2.98 path="/testapi10/oauth/token/"
Sep 4 15:10:01 localhost systemd: Started Session 218 of user root.
Sep 4 15:10:01 localhost systemd: Starting Session 218 of user root.
Sep 4 15:10:03 localhost tyk-pump: time="Sep 4 15:10:03" level=info msg="Writing 1 records"
Sep 4 15:10:03 localhost tyk-pump: time="Sep 4 15:10:03" level=info msg="Purging 1 records"

OAuth 2.0 is important for our team. Martin, please help me to solve this problem.
The tyk.conf file is as follows:
{
  "listen_port": 8080,
  "node_secret": "352d20ee67be67f6340b4c0605b044b7",
  "secret": "352d20ee67be67f6340b4c0605b044b7",
  "template_path": "/opt/tyk-gateway/templates",
  "use_db_app_configs": true,
  "db_app_conf_options": {
    "connection_string": "",
    "node_is_segmented": false,
    "tags": []
  },
  "disable_dashboard_zeroconf": false,
  "app_path": "/opt/tyk-gateway/apps",
  "middleware_path": "/opt/tyk-gateway/middleware",
  "storage": {
    "type": "redis",
    "host": "localhost",
    "port": 6379,
    "username": "",
    "password": "",
    "database": 0,
    "optimisation_max_idle": 2000,
    "optimisation_max_active": 4000
  },
  "enable_analytics": true,
  "analytics_config": {
    "type": "",
    "ignored_ips": [],
    "enable_detailed_recording": true,
    "enable_geo_ip": false,
    "geo_ip_db_path": "",
    "normalise_urls": {
      "enabled": true,
      "normalise_uuids": true,
      "normalise_numbers": true,
      "custom_patterns": []
    }
  },
  "health_check": {
    "enable_health_checks": false,
    "health_check_value_timeouts": 60
  },
  "optimisations_use_async_session_write": true,
  "allow_master_keys": false,
  "policies": {
    "policy_source": "file",
    "policy_connection_string": "",
    "policy_record_name": "./policies/policies.json",
    "allow_explicit_policy_id": true
  },
  "hash_keys": true,
  "suppress_redis_signal_reload": false,
  "use_redis_log": true,
  "close_connections": false,
  "enable_non_transactional_rate_limiter": true,
  "enable_sentinel_rate_limiter": false,
  "experimental_process_org_off_thread": false,
  "local_session_cache": {
    "disable_cached_session_state": false
  },
  "http_server_options": {
    "enable_websockets": true
  },
  "uptime_tests": {
    "disable": false,
    "config": {
      "enable_uptime_analytics": true,
      "failure_trigger_sample_size": 2,
      "time_wait": 10,
      "checker_pool_size": 50
    }
  },
  "hostname": "",
  "enable_custom_domains": true,
  "enable_jsvm": true,
  "oauth_redirect_uri_separator": ";",
  "coprocess_options": {
    "enable_coprocess": false,
    "coprocess_grpc_server": ""
  },
  "pid_file_location": "./tyk-gateway.pid",
  "allow_insecure_configs": true,
  "public_key_path": "",
  "close_idle_connections": false,
  "allow_remote_config": false,
  "enable_bundle_downloader": true,
  "bundle_base_url": "",
  "global_session_lifetime": 100,
  "force_global_session_lifetime": false,
  "max_idle_connections_per_host": 500
}

I can’t find the source of the error; please give some suggestions to solve the problem.

Ran into this issue and had to add custom logs to figure out what was going on. Anyway, below is what was happening in my case.

“Bearer token malformed” as the response indicates that your request is probably actually getting proxied to your API instead of getting handled by Tyk.

This happens if your API listen path doesn’t end with a trailing /, and Tyk ends up listening on API_IDoauth/token
instead of API_ID/oauth/token.

2 Likes
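The listen-path explanation in the answer above can be checked from two directions: audit the API definitions for OAuth2 APIs whose listen path lacks the trailing slash, and correlate "Bearer token malformed" gateway log lines with the API they fell into. The gateway log posted earlier in this thread is consistent with the answer: it registers `/testapi10{rest:.*}` (no slash) while `/testapi4/{rest:.*}` has one, and the failing request was to `/testapi10/oauth/token/`. The following is an added example, not the poster's code or Tyk's: the API definitions are constructed (only the `proxy.listen_path` and `use_oauth2` field names are Tyk's), the one log line is copied from the thread, and `route_request` models the behaviour the answer describes rather than Tyk's router source.

```python
import re
from typing import Dict, List, Optional

# Constructed API definitions for this example. `proxy.listen_path` and
# `use_oauth2` are the field names Tyk API definitions use; the entries
# themselves are invented to mirror the thread (hello-api, oauth2-api, testapi10).
API_DEFINITIONS: List[Dict] = [
    {"name": "hello-api", "use_oauth2": True, "proxy": {"listen_path": "/hello-api"}},
    {"name": "oauth2-api", "use_oauth2": True, "proxy": {"listen_path": "/oauth2-api/"}},
    {"name": "testapi10", "use_oauth2": True, "proxy": {"listen_path": "/testapi10"}},
    {"name": "testapi4", "use_oauth2": False, "proxy": {"listen_path": "/testapi4/"}},
]

TOKEN_SUFFIX = "oauth/token/"

# Log line copied from the gateway log posted in this thread.
SAMPLE_LOG = [
    'localhost tyk: time="Sep 4 15:09:53" level=info msg="Bearer token malformed" '
    'origin=10.4.2.98 path="/testapi10/oauth/token/"',
    'tyk: time="Sep 4 15:07:27" level=info msg="API reload complete"',
]
MALFORMED_RE = re.compile(r'msg="Bearer token malformed".*?path="(?P<path>[^"]+)"')


def oauth_token_route(listen_path: str) -> str:
    """Where the token endpoint lands when the suffix is appended to the
    listen path verbatim: '/hello-api' becomes '/hello-apioauth/token/'."""
    return listen_path + TOKEN_SUFFIX


def route_request(listen_path: str, request_path: str) -> str:
    """Model of the behaviour the answer describes (not Tyk's router code):
    a request matching the registered token route is answered by the gateway;
    anything else under the listen path hits the catch-all {rest:.*} route and
    is proxied upstream, where a Basic header earns 'Bearer token malformed'."""
    if request_path == oauth_token_route(listen_path):
        return "token-endpoint"
    if request_path.startswith(listen_path):
        return "proxied-upstream"
    return "no-match"


def audit_listen_paths(definitions: List[Dict]) -> List[str]:
    """Names of OAuth2 APIs whose listen path is missing the trailing slash."""
    return [d["name"] for d in definitions
            if d.get("use_oauth2") and not d["proxy"]["listen_path"].endswith("/")]


def _owning_api(path: str, definitions: List[Dict]) -> Optional[Dict]:
    """Find the API whose listen path (slash-normalised) prefixes the request path."""
    for d in definitions:
        if path.startswith(d["proxy"]["listen_path"].rstrip("/") + "/"):
            return d
    return None


def diagnose(log_lines: List[str], definitions: List[Dict]) -> List[Dict]:
    """For each 'Bearer token malformed' log line, report the request path,
    the API it belongs to, and whether that API's listen path lacks the slash."""
    findings = []
    for line in log_lines:
        match = MALFORMED_RE.search(line)
        if not match:
            continue
        path = match.group("path")
        api = _owning_api(path, definitions)
        findings.append({
            "path": path,
            "api": api["name"] if api else None,
            "missing_trailing_slash": bool(api) and not api["proxy"]["listen_path"].endswith("/"),
        })
    return findings


if __name__ == "__main__":
    print("APIs to fix:", audit_listen_paths(API_DEFINITIONS))
    for lp in ("/hello-api", "/hello-api/"):
        print(lp, "->", oauth_token_route(lp), "|", route_request(lp, "/hello-api/oauth/token/"))
    print(diagnose(SAMPLE_LOG, API_DEFINITIONS))
```

The `diagnose` pass is the part worth keeping in a runbook: a sudden burst of "Bearer token malformed" on a `.../oauth/token/` path after an API definition change is a routing problem to check before anyone starts rotating client secrets.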