We have finally deployed Tyk in our application stack! Yay!
Almost everything seems to be running just fine. However, earlier today I got reports that users no longer could log in, and I found that it was because all the OAuth clients had been lost. All other API settings (which I imported from JSON earlier this morning) were still there, but the OAuth clients had been lost. I created new ones and deployed them to our apps so now we’re up and running again, but I need to make sure this does not keep happening.
How are they stored? Could there be something wrong with our setup causing these to not be persisted properly, while all other aspects of the gateway and dashboard remain (API configurations, logs, users, organizations et c)?
OAuth clients are stored in Redis, similar to Keys. So if you want fully move to on-prem, you need to fetch oauth clients via dashboard API, and import them to on-prem env via gateway API.
That’s good to know! I don’t mind having other IDs on production than I do in development environments, but I need the oauth clients to persist of course. So I should be able to solve this by just setinng up persistent storage for Redis.
After looking into this some more, I’ve realized that Redis is already persisted enough using RDB that it should survive a crash/restart without losing the keys. I’m using Docker and have not (yet) configured a persistant volume for Redis, but that should not be a problem as long as the container stays alive, and I have not seen any signs of it restarting.
This has happened a couple of times today. I’m not sure what’s causing it. The redis eviction policy is noeviction and like stated any Redis crashes should still be able to recover the RDB data (the client IDs having been one of the first keys added to the db).
I’m restarting with a Docker volume for the data file now to see if that help, but I’m not sure how it would at this point. Any other suggestions?
Having monitored Redis overnight I concluded that there was another service that was unrelated to Tyk that was flushing it periodically. Thanks for pointing me in the right direction. This has now been solved!