Tyk identity broker adding trailing / to url

Tyk Identity Broker v0.1

I have been struggling to get the proxy provider to call my identity servers token endpoint using OAUTH password grant flow. When the identity broker sends the request it is appending a / to the end of the TargetHost as observed in my apache access log of my identity server.

Raw REST Request:
POST /auth/8/proxy HTTP/1.1
Host: tyk.local:3010
Cache-Control: no-cache
Postman-Token: d51170bb-7a05-6a8b-37a7-1f3b27bd517e
Content-Type: application/x-www-form-urlencoded


Apache Log:
“POST /oxauth/seam/resource/restv1/oxauth/token/ HTTP/1.1” 401 586 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36”

Note the trailing / on the url path /oxauth/seam/resource/restv1/oxauth/token/

My profiles.json config

“ActionType”: “GenerateTemporaryAuthToken”,
“ID”: “8”,
“IdentityHandlerConfig”: {
“DashboardCredential”: “352d20ee67be67f6340b4c0605b044b7”,
“DisableOneTokenPerAPI”: false,
“TokenAuth”: {
“BaseAPIID”: “f555f7c470cc4bac5b702c59658a0c95”
“MatchedPolicyID”: “570bf60d2eb5e10252000003”,
“OrgID”: “57113e0b2eb5e13660000001”,
“ProviderConfig”: {
“AccessTokenField”: “access_token”,
“ExrtactUserNameFromBasicAuthHeader”: false,
“OKCode”: 200,
“OKRegex”: “”,
“OKResponse”: “”,
“ResponseIsJson”: true,
“TargetHost”: “https://idm.local/oxauth/seam/resource/restv1/oxauth/token”,
“UsernameField”: “username”
“ProviderName”: “ProxyProvider”,
“ReturnURL”: “”,
“Type”: “passthrough”

If I make the exact same request directly to the identity server I get a proper response with a token but, if I make the exact same request to the identity broker I get a 401 from my identity server because of the trailing /

I looked through the source code and nothing jumps out at me as to my this would be added. So, that leads me to believe that my config is wrong somehow.

Any ideas?

There is a quirk in the proxy request handler that ships with golang that can cause this to happen. We fixed it in Tyk Gateway by replacing the function that handles trailing slashes.

We’ve actually included or own proxy handler with TIB but it hasn’t been hooked up yet - looks like we might need to after all :slight_smile:

Thanks Martin,

I recompiled with the identity providers methods and it is working like a charm.

1 Like