Meet a problem when trying to use OAuth. I wanna generate an OAuth token using existing policy.
I expected /oauth/test/
callable when using below token.
Result
GET /oauth/test/ HTTP/1.1
Authorization: Bearer wef-Kzd0QHSAQjqjtLX74w
response: { "error": "Key not authorised"}
tyk-gateway.log
WARN[0909] Invalid key detected, not found in storage engine
INFO[0909] Attempted access with non-existent key. key=wef-Kzd0QHSAQjqjtLX74w origin=10.0.2.2:56386 path=/oauth/test/
found key record from redis
redis 127.0.0.1:6379> get oauth-data.oauth_00001.oauth-authorize.wef-Kzd0QHSAQjqjtLX74w
"{\"Client\":{\"Id\":\"b13167c81c87428d7693ff9466abba09\",\"Secret\":\"ZTkyZTI4YzgtMjgwMy00YzE4LTU1YWUtM2MwODU5OGYzNWUy\",\"RedirectUri\":\"http://10.0.2.2:56337/oauth-redirect/\"},\"Code\":\"wef-Kzd0QHSAQjqjtLX74w\",\"ExpiresIn\":250,\"Scope\":\"\",\"RedirectUri\":\"http://10.0.2.2:56337/oauth-redirect/\",\"State\":\"\",\"CreatedAt\":\"2016-02-02T10:21:44.898304373Z\",\"UserData\":\"{ \\\"apply_policy_id\\\": \\\"oauth_policy_00001\\\"}\"}"
My OAuth Setup
Authorisation and try to apply existing policy via Postman
POST /oauth/test/tyk/oauth/authorize-client/ HTTP/1.1
Host: 127.0.0.1:8080
x-tyk-authorization: 352d20ee67be67f6340b4c0605b044b7
Cache-Control: no-cache
Postman-Token: 49c2bf40-c1ca-b569-de6e-d92c9619907d
Content-Type: application/x-www-form-urlencoded
response_type=code&client_id=b13167c81c87428d7693ff9466abba09&redirect_uri=http%3A%2F%2F10.0.2.2%3A56337%2Foauth-redirect%2F&key_rules=%7B+%22apply_policy_id%22%3A+%22oauth_policy_00001%22%7D
create Oauth client
OPTIONS='
{"api_id": "oauth_00001",
"redirect_uri": "http://10.0.2.2:56337/oauth-redirect/"}
'
RESPONSE=$(curl --silent --header "x-tyk-authorization:$REST_API_SECRET" --header "Content-Type:application/json" --data "$OPTIONS" http://$LOCALIP:8080/tyk/oauth/clients/create)
API Definition
{
"name": "Test for OAuth Cross API",
"api_id": "oauth_00001",
"definition": {
"location": "header",
"key": "version"
},
"use_oauth2": true,
"oauth_meta": {
"allowed_access_types": [
"authorization_code",
"refresh_token"
],
"allowed_authorize_types": [
"code",
"token"
],
"auth_login_redirect": "http://lonelycode.com/login"
},
"notifications": {
"shared_secret": "9878767657654343123434556564444",
"oauth_on_keychange_url": "http://posttestserver.com/post.php?dir=oauth_notifications"
},