How do we redirect to the redirect URI we specify when creating the client ID upon generating an access token?
- Registered a client ID with redirect_uri set to the landing page (inside the dashboard or like) where user reaches when successfully authorised.
- Followed steps to generate access token.
- Got the access token. The process is finished here with a status code of 200 (not redirecting to anywhere).
My question is that how can I automatically move to the registered redirect_uri (landing page) using the obtained access token!
Also how can I get this redirect_uri from outside Tyk authorisation server where client ID is registered if I need to take the access token, redirect_uri and manually redirect to that location with the access token along with it. It was not found in the request headers or anywhere.
Please do correct me if my understanding about redirect_uri or anything else is wrong.
The OAuth redirect won’t work if you are using any other grant type apart from Authorization Code. The OAuth Login Redirect only works for grant types that include a redirect. You can read more here
How can a http response with status 200 redirect itself?
Hi @sailor, I am unsure about the question? What grant type are you using? Maybe this can shed a bit more clarity
I tried every grant_type everywhere the access token is delivered and process finished with status code 200 rather than any 3xx codes for redirect. I was thinking how it will redirect automatically to the redirect_uri with this 200 status code. I had to call the API separately with the obtained access token.
Did you try the Authorization Code grant type? The first process is the redirect.
If yes, then what was the result? Maybe a further explanation of the flow you are trying to achieve would be helpful.
I am not speaking about redirect to login page that is working fine. I am talking about after reaching login, then getting authorisation code and later getting access token with it. Once we get the access token we need to reach dashboard right (the uri we give in redirect_uri field)? How to reach there with that access token?
Hi @sailor, could you help with a bit of context:
- Do you have a Dashboard License?
- Are you using the Identity Management in the dashboard or Tyk Identity Broker (TIB)?
- Are you referring to the redirect_uri in OAuth Clients?
No I don’t have a dashboard licence
Neither using TIB
I am just trying out with Tyk community edition
Yes I am speaking about the redirect_uri which is being registered when OAuth client id is being made
Based on the Authorization Flow description in our official documentation, once you have obtained an Access Token, you are now Authorized to call your API without any 403 errors. Hence, you don’t need to go back to the Dashboard or Follow the Redirect URL. From my understanding, the redirect_url serves as a means to validate the requests of the OAuth Flow.
FYI by “Dashboard” I didn’t mean the Tyk dashboard. I meant wherever we reach once we are authorized to access something, could be my application dashboard or anything else.
Ideally shouldn’t we automatically move to the redirect_uri once we are successfully authorised with an access token. Isn’t it what the redirect_uri is intended to be as per a standard OAuth flow?
I can’t say because this may differ based on the Implementation of the Authorization Server. Based on the RFC standards, the redirect_uri is used by the Authorization Server for delivering the Authorization Code back to the Client. It also classifies this attribute as optional, as opposed to required or recommended.
But you should also keep in mind that Tyk doesn’t act as an Authorization Server, but rather as an Identity Broker that interfaces with your Identity Store Application where the Actual Authentication of Client’s Credentials (Username and Password) occurs. As an Identity Broker, Tyk exposes endpoints to facilitate the OAuth Process and for Issuing Access Tokens.
So in this case, you can consider manually redirecting your clients to the redirect_uri. The redirect_uri is supplied to the OAuth Login endpoint configured for your API when you call the /oauth/authorize endpoint. You can also obtain it by calling the Gateway API manually:
Whereas, if you want to keep track of Tokens as they are being issued by the Tyk Gateway, you can configure an OAuth Notifications URL and a Shared Secret. Once an Access Token is being issued, this indeed gets called by the gateway.
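The flow discussed in this thread, seen from the client application's side, as an added example that is not part of any post and is not Tyk's code: the application's handler at the redirect_uri receives the authorization code, exchanges it in a back-channel call (the 200 response), and then issues the browser redirect itself. `handle_callback`, `exchange_code`, `LANDING_PAGE` and the session dict are hypothetical names, and the token request is stubbed with constructed values.

```python
import hmac
from urllib.parse import parse_qs, urlsplit

LANDING_PAGE = "/dashboard"  # assumed: the application's own landing page


def handle_callback(request_url, session, exchange_code):
    """Run by the client app when the browser arrives at the redirect_uri.

    session is this browser's server-side session dict; exchange_code is a
    callable(code) -> dict that makes the back-channel token request, whose
    200 + JSON reply is read by this code, not by the browser.
    Returns (status, headers) for the response sent to the browser.
    """
    params = parse_qs(urlsplit(request_url).query)
    code = params.get("code", [""])[0]
    state = params.get("state", [""])[0]
    expected = session.pop("oauth_state", "")  # single use
    # The state must match the value stored when the flow started (CSRF check).
    if not expected or not hmac.compare_digest(state.encode(), expected.encode()):
        return 400, {}
    if not code:
        return 400, {}
    token = exchange_code(code)
    # Keep the token server-side; it never goes into a URL.
    session["access_token"] = token["access_token"]
    # The redirect the user sees is issued here, by the application.
    return 302, {"Location": LANDING_PAGE}


def demo():
    """Constructed run: stubbed token endpoint, made-up code and state."""
    def stub_exchange(code):
        return {"access_token": "constructed-token", "token_type": "bearer"}

    session = {"oauth_state": "constructed-state"}
    url = "https://app.example/callback?code=constructed-code&state=constructed-state"
    return handle_callback(url, session, stub_exchange), session


if __name__ == "__main__":
    print(demo())
```

Keeping the token in the server-side session rather than appending it to the landing-page URL keeps it out of browser history, Referer headers and access logs.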