Multiple authentication types (OIDC and authToken) on Tyk Gateway not working


  • Branch/Version: 3.1.1
  • Environment: Self Hosted

Describe the bug
Multiple authentication of OpenID and authToken is not working properly. tyk-gateway expects to get a JWT on each call, even if an authToken is provided.

Reproduction steps
Steps to reproduce the behaviour:

  1. Add an API with the following configuration:
    "use_openid": true,
    "use_standard_auth": true,
    "base_identity_provided_by": "auth_token",
    "openid_options": { … some valid openid options … },
    "auth_configs": { "authtoken": { "auth_header_name": "token_auth" }, "oidc": { "auth_header_name": "openid_auth" } }

  2. Try to perform a request to the API with a valid OpenID token in the "openid_auth" header variable => everything is working fine.

  3. Try to perform a request to the API with a valid authentication token in the "token_auth" header.

Actual behaviour
Got a "Key not authorised" error.
In the logs there is a "JWT Invalid" warning and also an "Authorization field missing" error, even though it is provided.

When I set "use_openid" to false, the auth token is working properly but the OpenID token won't.

Expected behaviour
Tyk will use the auth token and not try to use the OpenID token.


Logs (debug mode or log file):
Unfortunately I'm running tyk-gateway on a closed network so I can't provide logs.

Configuration (tyk config file):
Default Tyk configuration.

Hi @Lior_Tamam, welcome to the community.

Unfortunately, I am unable to reproduce any of the actual or expected behaviour based on the configuration shared. Could you try modifying authtoken to authToken and try again?
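
A small check for the key-spelling point raised in the reply, as an added example that is not part of the thread or of Tyk's own code: it flags auth_configs keys that differ from the expected name only by letter case, enabled mechanisms with no entry under the exact key, and two mechanisms reading the same header. The flag-to-key mapping, the assumption that keys are matched case-sensitively, and the name lint_auth_configs are illustrative assumptions.

```python
# Assumed mapping (illustrative, not taken from the thread): enabling flag -> auth_configs key.
# "authToken" is the spelling suggested in the reply; "oidc" is the key used in the post.
EXPECTED_KEYS = {"use_standard_auth": "authToken", "use_openid": "oidc"}


def lint_auth_configs(api_def):
    """Return a list of findings for the auth_configs block of an API definition."""
    findings = []
    configs = api_def.get("auth_configs", {})
    canonical = {k.lower(): k for k in EXPECTED_KEYS.values()}

    # 1. Keys that differ from an expected name only by letter case.
    for key in configs:
        want = canonical.get(key.lower())
        if want and key != want:
            findings.append(f'key "{key}" differs only in case from "{want}"')

    # 2. Enabled mechanisms with no entry under the exact expected key.
    for flag, key in EXPECTED_KEYS.items():
        if api_def.get(flag) and key not in configs:
            findings.append(f'"{flag}" is true but auth_configs has no "{key}" entry')

    # 3. Two mechanisms reading the same header cannot be told apart
    #    (HTTP header names are case-insensitive, so compare lowercased).
    seen = {}
    for key, cfg in configs.items():
        header = str(cfg.get("auth_header_name", "")).lower()
        if header and header in seen:
            findings.append(f'"{key}" and "{seen[header]}" share header "{header}"')
        seen.setdefault(header, key)
    return findings


# Constructed sample: the settings from the post, with openid_options left out.
POSTED = {
    "use_openid": True,
    "use_standard_auth": True,
    "base_identity_provided_by": "auth_token",
    "auth_configs": {
        "authtoken": {"auth_header_name": "token_auth"},
        "oidc": {"auth_header_name": "openid_auth"},
    },
}

if __name__ == "__main__":
    for finding in lint_auth_configs(POSTED):
        print(finding)
```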