I’m using Tyk Identity Broker with a ProxyProvider and everything is working except when the valid response comes back from my service, the call to the tyk dashboard API fails saying that my api user doesn’t have the right permissions:
WARN[0003] Response code was: 403
WARN[0003] GOT:{"Status":"Error","Message":"User does not have permission to add API to key Access Rights!","Meta":null}
ERRO[0003] [TYK ID HANDLER] --> Login failure. Request not allowed
I’ve ensured that my profiles.json has the correct data:
[{
“ActionType”: “GenerateTemporaryAuthToken”,
“ID”: “1”,
“IdentityHandlerConfig”: {
“DashboardCredential”: “cf093e9bef1a463a754c05d6b389ec1f”
},
“OrgID”: “570e58d9e11a690001000001”,
“ProviderConfig”: {
“AccessTokenField”: “access_token”,
“ExtractUserNameFromBasicAuthHeader”: true,
“OKCode”: 200,
“OKRegex”: “”,
“OKResponse”: “”,
“ResponseIsJson”: true,
“TargetHost”: “http://192.168.99.100:4000/login/”,
“UsernameField”: “user_name”
},
“ProviderName”: “ProxyProvider”,
“ReturnURL”: “http://192.168.99.100:3000”,
“Type”: “redirect”
}]
and that my user has both apis:read and keys:write permissions:
# curl -s -X GET -H 'admin-auth: 12345' http://192.168.99.100:3000/admin/users/570e5a3f2e87148c2b4dde13 | python -mjson.tool`
{
"access_key": "cf093e9bef1a463a754c05d6b389ec1f",
"active": true,
"api_model": {},
"email_address": "[email protected]",
"first_name": "API",
"id": "570e5a3f2e87148c2b4dde13",
"last_name": "KEYISSUER",
"org_id": "570e58d9e11a690001000001",
"password": "$2a$10$.udWb1HPIPGHte.ji.BLzu8TO5JxN8SLRDTf3kXY6HOlQZ2.ZCrwK",
"user_permissions": {
"apis": "read",
"keys": "write"
}
}
What other permissions do I need for this api user?