I am trying to set up an API Proxy to use the openidc provider, and keep getting the following error:
Attempted access with invalid key
The provider https://dev--.au.auth0.com/ does not have a client id matching any of the token audiences
I have tested my Auth0 setup and API on localhost and can produce Id Tokens using the openidc playground.
I have added a policy using the file, as this is OSS Tyk Gateway. The policy file looks like the following:
{
  "default": {
    "rate": 1000,
    "per": 1,
    "quota_max": 100,
    "quota_renewal_rate": 60,
    "access_rights": {
      "41433797848f41a558c1573d3e55a422": {
        "api_name": "Auth0 api",
        "api_id": "Auth0-Echo-API-1",
        "versions": [
          "Default"
        ]
      }
    },
    "org_id": "1",
    "hmac_enabled": false,
    "active": true,
    "is_inactive": false,
    "tags": [],
    "key_expires_in": 0
  }
}
I create an API referencing the openidc:
{
  "name": "Auth0 api",
  "api_id": "Auth0-Echo-API-1",
  "org_id": "1",
  "auth": {
    "auth_header_name": "Authorization"
  },
  "definition": {
    "location": "header",
    "key": "x-api-version"
  },
  "version_data": {
    "not_versioned": true,
    "versions": {
      "Default": {
        "name": "Default",
        "use_extended_paths": true
      }
    }
  },
  "proxy": {
    "listen_path": "/secure/",
    "target_url": "http://echo-service.default.svc.cluster.local",
    "strip_listen_path": true
  },
  "use_openid": true,
  "openid_options": {
    "providers": [
      {
        "issuer": "https://dev--.au.auth0.com/",
        "client_ids": {
          "iGULH5kgHnT5yK2M2LjEMGGTEOj2uMwd": "default"
        }
      }
    ],
    "segregate_by_client": false
  },
  "active": true
}
I keep getting a 401 with this error when I access using the Bearer Token created by the openidc playground:
time="Jan 30 11:46:13" level=warning msg="JWT Invalid" api_id=Auth0-Echo-API-1 api_name="Auth0 api" error="Validation error. Validation error. The provider https://dev--.au.auth0.com/ does not have a client id matching any of the token audiences [iGULH5kgHnT5yK2M2LjEMGGTEOj2uMwd]" mw=OpenIDMW org_id=1 origin=125.237.222.229 path="/secure/"
time="Jan 30 11:46:13" level=warning msg="Attempted access with invalid key." api_id=Auth0-Echo-API-1 api_name="Auth0 api" key="****JWT]" mw=OpenIDMW org_id=1 origin=125.237.222.229 path="/secure/"
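
An added diagnostic example, not part of the original post and not Tyk code: it reads the token's `iss` and `aud` claims without verifying the signature and compares them with the `client_ids` keys of an API definition, both as written and base64-decoded. It assumes, and this should be checked against the Tyk documentation for the gateway version in use, that the gateway base64-decodes each `client_ids` key before comparing it with the audience. All function names are hypothetical, and the token is constructed from the issuer and client id shown in the post with a dummy signature.

```python
import base64, json

def seg(obj):
    """Encode a dict as an unpadded base64url JWT segment (builds the constructed sample)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def unverified_claims(jwt):
    """Return payload claims WITHOUT checking the signature: diagnosis only."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))

def decoded_key(key):
    """Base64-decode a client_ids key, or None if it does not decode to text."""
    try:
        return base64.b64decode(key, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

def diagnose(api_def, jwt):
    """Report which client_ids keys match the token audience, literally or once decoded."""
    claims = unverified_claims(jwt)
    aud = claims.get("aud", [])
    audiences = [aud] if isinstance(aud, str) else list(aud)
    report = {"aud": audiences, "issuer_found": False, "literal": [], "decoded": []}
    for provider in api_def["openid_options"]["providers"]:
        if provider["issuer"] != claims.get("iss"):
            continue  # exact string compare: a trailing slash matters
        report["issuer_found"] = True
        for key, policy in provider["client_ids"].items():
            if key in audiences:
                report["literal"].append((key, policy))
            if decoded_key(key) in audiences:  # assumption: gateway decodes the key
                report["decoded"].append((key, policy))
    return report

# Constructed sample: issuer and client id as posted, signature is a dummy.
ISS, CID = "https://dev--.au.auth0.com/", "iGULH5kgHnT5yK2M2LjEMGGTEOj2uMwd"
TOKEN = ".".join([seg({"alg": "RS256"}), seg({"iss": ISS, "aud": CID}), "sig"])
AS_POSTED = {"openid_options": {"providers": [{"issuer": ISS, "client_ids": {CID: "default"}}]}}
ENCODED = {"openid_options": {"providers": [
    {"issuer": ISS, "client_ids": {base64.b64encode(CID.encode()).decode(): "default"}}]}}

if __name__ == "__main__":
    print("as posted: ", diagnose(AS_POSTED, TOKEN))
    print("base64 key:", diagnose(ENCODED, TOKEN))
```

A result with a `literal` match but an empty `decoded` list means the audience is present in the configuration only in plain form, which under the stated assumption is consistent with the "does not have a client id matching any of the token audiences" warning.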