Not able to use OAuth token on tyk portal Error: Bearer token malformed

Hi,

We used OAuth authentication (client credentials grant, token) for an API, but I am not able to access the API on the Tyk portal. Please find the screenshot for your reference.

Thanks…

Hi @surajsakpal,

Welcome to the community.

Have you tried following the Client Credentials Grant Type (tyk.io) documentation and trying it out via Postman?

Thanks for reply…
From Postman I am getting the proper output, but not from the Tyk portal.
When I call it from Postman, I pass the auth token generated from the client ID and client secret.
If I am calling it from the Tyk portal, where should I pass this auth token?
I have followed the steps given in the document.

Tyk Raw Definition:
{
“id”: “6132353b1b741a000150f903”,
“name”: “OAuth API”,
“slug”: “oauth-api”,
“listen_port”: 0,
“protocol”: “”,
“enable_proxy_protocol”: false,
“api_id”: “b43059df0f164d17625a33ec71acdead”,
“org_id”: “6043744f924fc30001082ae4”,
“use_keyless”: false,
“use_oauth2”: true,
“use_openid”: false,
“openid_options”: {
“providers”: [],
“segregate_by_client”: false
},
“oauth_meta”: {
“allowed_access_types”: [
“client_credentials”
],
“allowed_authorize_types”: [
“token”
],
“auth_login_redirect”: “”
},
“auth”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“auth_configs”: {
“authToken”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“basic”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“coprocess”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“hmac”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“jwt”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“oauth”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“oidc”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “Authorization”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
}
},
“use_basic_auth”: false,
“basic_auth”: {
“disable_caching”: false,
“cache_ttl”: 0,
“extract_from_body”: false,
“body_user_regexp”: “”,
“body_password_regexp”: “”
},
“use_mutual_tls_auth”: false,
“client_certificates”: [],
“upstream_certificates”: {},
“pinned_public_keys”: {},
“enable_jwt”: false,
“use_standard_auth”: false,
“use_go_plugin_auth”: false,
“enable_coprocess_auth”: false,
“jwt_signing_method”: “”,
“jwt_source”: “”,
“jwt_identity_base_field”: “”,
“jwt_client_base_field”: “”,
“jwt_policy_field_name”: “”,
“jwt_default_policies”: [],
“jwt_issued_at_validation_skew”: 0,
“jwt_expires_at_validation_skew”: 0,
“jwt_not_before_validation_skew”: 0,
“jwt_skip_kid”: false,
“jwt_scope_to_policy_mapping”: {},
“jwt_scope_claim_name”: “”,
“notifications”: {
“shared_secret”: “”,
“oauth_on_keychange_url”: “”
},
“enable_signature_checking”: false,
“hmac_allowed_clock_skew”: -1,
“hmac_allowed_algorithms”: [],
“request_signing”: {
“is_enabled”: false,
“secret”: “”,
“key_id”: “”,
“algorithm”: “”,
“header_list”: [],
“certificate_id”: “”,
“signature_header”: “”
},
“base_identity_provided_by”: “”,
“definition”: {
“location”: “header”,
“key”: “x-api-version”,
“strip_path”: false
},
“version_data”: {
“not_versioned”: true,
“default_version”: “”,
“versions”: {
“Default”: {
“name”: “Default”,
“expires”: “”,
“paths”: {
“ignored”: [],
“white_list”: [],
“black_list”: []
},
“use_extended_paths”: true,
“extended_paths”: {},
“global_headers”: {},
“global_headers_remove”: [],
“global_response_headers”: {},
“global_response_headers_remove”: [],
“ignore_endpoint_case”: false,
“global_size_limit”: 0,
“override_target”: “”
}
}
},
“uptime_tests”: {
“check_list”: [],
“config”: {
“expire_utime_after”: 0,
“service_discovery”: {
“use_discovery_service”: false,
“query_endpoint”: “”,
“use_nested_query”: false,
“parent_data_path”: “”,
“data_path”: “”,
“port_data_path”: “”,
“target_path”: “”,
“use_target_list”: false,
“cache_timeout”: 60,
“endpoint_returns_list”: false
},
“recheck_wait”: 0
}
},
“proxy”: {
“preserve_host_header”: false,
“listen_path”: “/oauth-api/”,
“target_url”: “https://petstore.swagger.io/v2/”,
“disable_strip_slash”: false,
“strip_listen_path”: true,
“enable_load_balancing”: false,
“target_list”: [],
“check_host_against_uptime_tests”: false,
“service_discovery”: {
“use_discovery_service”: false,
“query_endpoint”: “”,
“use_nested_query”: false,
“parent_data_path”: “”,
“data_path”: “”,
“port_data_path”: “”,
“target_path”: “”,
“use_target_list”: false,
“cache_timeout”: 0,
“endpoint_returns_list”: false
},
“transport”: {
“ssl_insecure_skip_verify”: false,
“ssl_ciphers”: [],
“ssl_min_version”: 0,
“ssl_force_common_name_check”: false,
“proxy_url”: “”
}
},
“disable_rate_limit”: false,
“disable_quota”: false,
“custom_middleware”: {
“pre”: [],
“post”: [],
“post_key_auth”: [],
“auth_check”: {
“name”: “”,
“path”: “”,
“require_session”: false,
“raw_body_only”: false
},
“response”: [],
“driver”: “”,
“id_extractor”: {
“extract_from”: “”,
“extract_with”: “”,
“extractor_config”: {}
}
},
“custom_middleware_bundle”: “”,
“cache_options”: {
“cache_timeout”: 60,
“enable_cache”: true,
“cache_all_safe_requests”: false,
“cache_response_codes”: [],
“enable_upstream_cache_control”: false,
“cache_control_ttl_header”: “”,
“cache_by_headers”: []
},
“session_lifetime”: 0,
“active”: true,
“internal”: false,
“auth_provider”: {
“name”: “”,
“storage_engine”: “”,
“meta”: {}
},
“session_provider”: {
“name”: “”,
“storage_engine”: “”,
“meta”: {}
},
“event_handlers”: {
“events”: {}
},
“enable_batch_request_support”: false,
“enable_ip_whitelisting”: false,
“allowed_ips”: [],
“enable_ip_blacklisting”: false,
“blacklisted_ips”: [],
“dont_set_quota_on_create”: false,
“expire_analytics_after”: 0,
“response_processors”: [],
“CORS”: {
“enable”: true,
“allowed_origins”: [
“*”
],
“allowed_methods”: [
“GET”,
“POST”,
“HEAD”
],
“allowed_headers”: [
“Origin”,
“Accept”,
“Content-Type”,
“X-Requested-With”,
“Authorization”
],
“exposed_headers”: [],
“allow_credentials”: false,
“max_age”: 24,
“options_passthrough”: false,
“debug”: false
},
“domain”: “tyk-gateway-tyk-cateina.api.164.52.220.55.nip.io”,
“certificates”: [],
“do_not_track”: false,
“tags”: [],
“enable_context_vars”: false,
“config_data”: {},
“tag_headers”: [],
“global_rate_limit”: {
“rate”: 0,
“per”: 0
},
“strip_auth_data”: false,
“enable_detailed_recording”: false,
“graphql”: {
“enabled”: false,
“execution_mode”: “proxyOnly”,
“schema”: “”,
“type_field_configurations”: [],
“playground”: {
“enabled”: false,
“path”: “”
}
}
}

I think you have to pass it based on your swagger documentation. I have dropped a reference to it here:
Version 3 => OpenAPI Specification - Version 3.0.3 | Swagger
Version 2 => OpenAPI Specification - Version 2.0 | Swagger

In your case, you would need to specify a bearer scheme in the securitySchemes (v3) or securityDefinitions (v2) section of your swagger doc.

Swagger documentation done on the tyk portal:
{
“openapi”: “3.0.1”,
“info”: {
“title”: “defaultTitle”,
“description”: “defaultDescription”,
“version”: “0.1”
},
“servers”: [
{
“url”: “http://tyk-gateway-tyk-cateina.api.164.52.220.55.nip.io”
}
],
“paths”: {
“/oauth-api/pet/findByStatus”: {
“get”: {
“description”: “Auto generated using Swagger Inspector”,
“parameters”: [
{
“name”: “status”,
“in”: “query”,
“required”: false,
“style”: “form”,
“explode”: true,
“schema”: {
“type”: “string”
},
“example”: “available”
}
],
“responses”: {
“200”: {
“description”: “Auto generated using Swagger Inspector”
}
},
“security”: [
{
“oAuth2ClientCredentials”: []
}
]
}
}
},
“components”: {
“schemas”: {},
“securitySchemes”: {
“oAuth2ClientCredentials”: {
“type”: “oauth2”,
“flows”: {
“clientCredentials”: {
“tokenUrl”: “http://tyk-gateway-tyk-cateina.api.164.52.220.55.nip.io/swaginspect/oauth2/token/”,
“scopes”: {}
}
}
}
}
}
}

Hi Olu,

Have you checked this swagger doc? Is there any update on this?

Thanks,
Suraj

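I just did a quick look-through, and the token URL may be the issue: its path contains `oauth2`, whereas Tyk serves the token endpoint at `oauth/token/` under the API's listen path (`/oauth-api/` in the definition above, while the URL below uses `/swaginspect/`). The URL is also plain `http://`, so the client secret and the issued token would cross the network unencrypted; use `https://` if TLS is enabled on the gateway.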

Swagger: http://tyk-gateway-tyk-cateina.api.164.52.220.55.nip.io/swaginspect/oauth2/token/

If removing the `2` from the token URL does not fix the issue, then one of our internal guys should reach out to you.