I want to use OAuth 2.0 to secure my API, I’m using tyk gateway open source, I don’t know how to configure the authentication with OAuth 2.0 using CLI, need help with that
1 Like
Hi @hager_selim,
Thank you for your question and I do apologize this isn’t currently better documented - we’re currently using our resources to improve our overall documentation.
For the most part our open-source (Gateway) is the foundation of Tyk which means you can do most things through the open-source while the Dashboard adds a much friendlier UI to complete tasks.
Here’s a bit more information into using OAuth 2.0 without dashboard:
-
Create your normal api but also including the allowed access/authorize types by adding the below to your api definition:
“use_oauth2”: true,
“oauth_meta”: {
“allowed_access_types”: [
“authorization_code”
],
“allowed_authorize_types”: [
“code”
],
“auth_login_redirect”: “http://example.com”
}, -
Add your policy to your API → here’s a bit more information on that
Policies Guide. You can drop down to the ‘Configuring Community Edition to use a policy list’. -
Then get the API to create an oauth2.0 client by hitting the
/tyk/oauth/clients/createpoint. For this step you need to addx-tyk-authorization: <your-secret>to your call. More information on this can be found on: Tyk Gateway API -
To make sure you’ve done the previous listed steps correctly follow: https://tyk.io/docs/basic-config-and-security/security/authentication-authorization/oauth2-0/auth-code-grant/. These steps can be done using CURL or by using Postman - it’s up to you.
Here’s some more resources:
There’s more information about these steps on our docs for this OAuth 2.0 under the ‘Enabling OAuth via an Api’ header.
Here’s another video of one of my colleagues that goes into this with the newer dashboard - good watch to get into more detail about what’s happening during each step https://www.youtube.com/watch?v=RxKDe8OLgGM&ab_channel=TykAPIManagement.
Hope this helps!
–
Valmir
3 Likes