I do not understand Oauth2 Flow

Imported Google Group message. Import Date: 2016-01-19 21:38:49 +0000.
Sender:Adil Atilgan.
Date:Friday, 25 December 2015 14:24:45 UTC.

I carefully read OAuth2 Flow Option 2 in the documentation and am stuck at /oauth/authorize/.

When I make a standard Authorization Request as described in the RFC, Tyk returns an "Authorization field missing" error.
I have checked the source, which requires Authorization in the header. It works when I add a header "Authorization: Bearer xxxxxxxxxx", but I am confused, since this request is made by the client browser/app and it is not secure to give it to the client. Also, this header is not required in the RFC.

I am a bit confused; what am I doing wrong?

Thanks,

Imported Google Group message.
Sender:Martin Buhr.
Date:Saturday, 26 December 2015 11:21:57 UTC.

Just to confirm on this: I think you’re missing the slash on the end of the URL. If you exclude it, Tyk assumes it’s a protected URL and displays the behaviour you are describing.

Thanks,
Martin

Imported Google Group message.
Sender:Adil Atilgan.
Date:Saturday, 26 December 2015 09:41:35 UTC.

Tyk doesn’t require an Authorization header to access that OAuth path on your API. I think the URL is wrong, which is triggering the access controls check in Tyk, as it thinks it’s a non-reserved URL.

Http://domain.com/listen_path/oauth/authorize/

If you did check the source, you will see the OAuth paths are added before the key check.

What URL are you using for Authorize path?

Thanks,
Martin


Imported Google Group message.
Sender:Martin Buhr.
Date:Saturday, 26 December 2015 18:30:17 UTC.

Thanks for the clarification! I am totally confused. I will do the setup again and let you know about the result.

Imported Google Group message.
Sender:Adil Atilgan.
Date:Sunday, 27 December 2015 20:14:24 UTC.

Martin, it is OK now; the / at the end of the URL does the trick. Thanks a lot.
