When this happens
“If the request is valid and the Client ID has not expired, then the request will be passed through to your applications authorisation page – this page will essentially enable your user to log in and authenticate themselves and then give permission to this client ID to access their details (as one would expect from an OAuth integration).”
Is there a way to transform a header in that Redirect to authorization page from Tyk ?
So, TYK expects the the POST Content-Type to be ‘application/x-www-form-urlencoded’ and redirects to the applications Login/Authorization page.
Now the way we have it working is that the user credentials are provided during that first call to tyk for client authorization. which means. the user credentials are part of the POST body in the redirect to the authorization page. The credentials are then validated.
So, the use case we are trying to achieve is to have the Content-Type header to be “application/vnd.api+json” and be strictly JSONApi in our responses. This is not currently possible since the header needs to be ‘application/x-www-form-urlencoded’.
So I wanted to see if that header could be changed during the 304 redirect to the authorization page in TYK, similar to header transformation during Proxying. This would allow us to inject/change that header and be JsonApi compliant.