How to access /tyk/oauth/authorize-client/ without using x-tyk-authorization header

shiva · November 28, 2017, 6:38am

Hi,

I am doing OAuth2 flow referring the documentation //tyk.io/docs/basic-config-and-security/security/authentication-authorization/oauth-2-0/.
I can not get authorization code from /tyk/oauth/authorize-client/ endpoint without providing gateway secret. How can I achieve this without gateway secret. Since my client should not have any dependency over gateway.

POST http://tyk-gateway.dev.com:8070/{listen_path}/tyk/oauth/authorize-client
Headers:
Content-Type: application/x-www-form-urlencoded
Authorization: Basic base64(client_id:client_secret)
Body:
response_type=code&client_id=27f6e23bab8b4c9981ba71bfa9f7aa63

This gives response
{ "status": "error", "message": "Forbidden" }
Thank you,
Shiva

Martin · November 29, 2017, 3:50am

This is not meant to be invoked by your client, this is meant to be invoked by your login application hat is authorizing the user. The client should call /authorize/

Fabian_Villa · May 15, 2018, 10:50pm

I have the same problem. and my questions is how invoke /tyk/oauth/authorize-client/ to get code because i get this errors { “error”: “Bearer token malformed” } or { “error”: “Authorization field missing” } thank you.