Hey, sorry app_id was a typo, i did mean api_id. I just recreated the entire docker setup from scratch to ensure this had no mistakes, ive added a new api just pointing at httpbin, enabled oauth and then attempted to hit the correct endpoint for authorize, still getting a 404.
"api_model": {}, "api_definition": { "id": "58cf83918fbbe10001a7c67a", "name": "OAuthDemoAPI", "slug": "oauthdemoapi", "api_id": "aadfd1bfeee64be86751e3cb112e15b8", "org_id": "58cf83288fbbe10001a7c674", "use_keyless": false, "use_oauth2": true, "use_openid": false, "openid_options": { "providers": [], "segregate_by_client": false }, "oauth_meta": { "allowed_access_types": [ "authorization_code", "refresh_token", "password", "client_credentials" ], "allowed_authorize_types": [ "token", "code" ], "auth_login_redirect": "http://192.168.99.100:8002/login" }, "auth": { "use_param": false, "param_name": "", "use_cookie": false, "cookie_name": "", "auth_header_name": "Authorization" }, "use_basic_auth": false, "enable_jwt": false, "use_standard_auth": false, "enable_coprocess_auth": false, "jwt_signing_method": "", "jwt_source": "", "jwt_identity_base_field": "", "jwt_client_base_field": "", "jwt_policy_field_name": "", "notifications": { "shared_secret": "", "oauth_on_keychange_url": "" }, "enable_signature_checking": false, "hmac_allowed_clock_skew": -1, "base_identity_provided_by": "", "definition": { "location": "header", "key": "x-api-version" }, "version_data": { "not_versioned": true, "versions": { "Default": { "name": "Default", "expires": "", "paths": { "ignored": [], "white_list": [], "black_list": [] }, "use_extended_paths": true, "extended_paths": {}, "global_headers": {}, "global_headers_remove": [], "global_size_limit": 0, "override_target": "" } } }, "uptime_tests": { "check_list": [], "config": { "expire_utime_after": 0, "service_discovery": { "use_discovery_service": false, "query_endpoint": "", "use_nested_query": false, "parent_data_path": "", "data_path": "", "port_data_path": "", "target_path": "", "use_target_list": false, "cache_timeout": 60, "endpoint_returns_list": false }, "recheck_wait": 0 } }, "proxy": { "preserve_host_header": false, "listen_path": "/oauthdemoapi/", "target_url": "http://httpbin.org/", "strip_listen_path": true, "enable_load_balancing": false, "target_list": [], "check_host_against_uptime_tests": false, "service_discovery": { "use_discovery_service": false, "query_endpoint": "", "use_nested_query": false, "parent_data_path": "", "data_path": "hostname", "port_data_path": "port", "target_path": "/api-slug", "use_target_list": false, "cache_timeout": 60, "endpoint_returns_list": false } }, "disable_rate_limit": false, "disable_quota": false, "custom_middleware": { "pre": [], "post": [], "post_key_auth": [], "auth_check": { "name": "", "path": "", "require_session": false }, "response": [], "driver": "", "id_extractor": { "extract_from": "", "extract_with": "", "extractor_config": {} } }, "custom_middleware_bundle": "", "cache_options": { "cache_timeout": 60, "enable_cache": true, "cache_all_safe_requests": false, "cache_response_codes": [], "enable_upstream_cache_control": false }, "session_lifetime": 0, "active": true, "auth_provider": { "name": "", "storage_engine": "", "meta": {} }, "session_provider": { "name": "", "storage_engine": "", "meta": null }, "event_handlers": { "events": {} }, "enable_batch_request_support": false, "enable_ip_whitelisting": false, "allowed_ips": [], "dont_set_quota_on_create": false, "expire_analytics_after": 0, "response_processors": [], "CORS": { "enable": false, "allowed_origins": [], "allowed_methods": [], "allowed_headers": [], "exposed_headers": [], "allow_credentials": false, "max_age": 24, "options_passthrough": false, "debug": false }, "domain": "", "do_not_track": false, "tags": [], "enable_context_vars": false }, "hook_references": [], "is_site": false, "sort_by": 0
Heres a sample of what I get when I run a curl command:
`curl -vX POST -H “Authorization: a87d8efe939f41f66016f1a2e19fe7bd” \
-H “Content-Type: application/x-www-form-urlencoded”
-d ‘response_type=code&client_id=06b4277cc5724d585445e9cb5cd7e2de&redirect_uri=https%3A%2F%2Fwww.getpostman.com%2Foauth2%2Fcallback&key_rules=’
http://192.168.99.100:3000/api/apis/aadfd1bfeee64be86751e3cb112e15b8/oauth/authorize-client/
- Trying 192.168.99.100…
- Connected to 192.168.99.100 (192.168.99.100) port 3000 (#0)
POST /api/apis/aadfd1bfeee64be86751e3cb112e15b8/oauth/authorize-client/ HTTP/1.1
Host: 192.168.99.100:3000
User-Agent: curl/7.43.0
Accept: /
Authorization: a87d8efe939f41f66016f1a2e19fe7bd
Content-Type: application/x-www-form-urlencoded
Content-Length: 138
- upload completely sent off: 138 out of 138 bytes
< HTTP/1.1 404 Not Found
< X-Frame-Options: Deny
< Date: Mon, 20 Mar 2017 07:34:49 GMT
< Content-Length: 9
< Content-Type: text/plain; charset=utf-8
<
- Connection #0 to host 192.168.99.100 left intact`
The authorization code is just taken from the base user created when I setup the dockers, its exactly the same as the one used to call the api/apis endpoint. The client ID has been created in the UI by adding an oauth client for that api and then the api_id is as per the output from the api’s call. Seems odd to me im getting a 404, not some sort of data input issue.