Imported Google Group message.
Date: Thursday, 21 May 2015 08:38:06 UTC+1.
I've answered your questions below, apologies if formatting is off, doing this on a mobile :-/
I have some clarification questions about the OAuth 2.0 methods.
In the Access Control documentation (https://tyk.io/v1.6/access-control/oauth2/), two methods are required for completing the OAuth 2.0 flow. The first is "/listen_path/oauth/authorize/", which you send data to and then it redirects to your login page. The second is "/tyk/oauth/authorize-client/", which is part of the REST API and does not need the listen path (if I understand correctly).
This is correct
My questions are:
- What data needs to be sent via POST to the /listen_path/oauth/authorize method? On this page (https://tyk.io/v1.6/rest-api/oauth-key-management/), it doesn't give any information about the method.
See option 2 here: https://tyk.io/v1.6/access-control/oauth2/ which describes the OAuth flows - you basically need to send all the POST data that you received in your login page (the original authorise request) to the Tyk endpoint.
- I added /oauth/authorize/ as an endpoint in my API. Is that necessary?
Only if you are ignoring it or using white lists. Tyk proxies everything unless you start specifying lists of endpoints with white lists.
- Another user mentioned in a post that he was receiving a "The authorization server does not support obtaining a token using this method". I also get this error (even after adding the trailing /). Isn't that because the "/oauth/authorize/" method isn't supposed to return tokens, but rather some kind of code that is used to obtain a token using the "/oauth/authorize-client/" method?
The authorise endpoint should return a token depending on how the OAuth request was made - this is a big topic, would suggest looking into the kind of token you are trying to get and making sure the options are all set correctly and that you are also requesting the right kind of token in the inbound POST data.
- I always get "404 Not Found" when I try to POST to the "/tyk/oauth/authorize-client/". Am I correct in assuming that the URI should be http(s)://tyk_gateway:port/tyk/oauth/authorize-client?
This isn't clear in the docs, but that endpoint is under the listen_path too so
Apologies in advance if I have misunderstood everything. Everything is working great otherwise. We plan to implement Tyk once our new API is ready.
No worries, good luck, and let me know how you get on.