I am using the Open Source version of Tyk, and I am trying to figure out how to set up Tyk to use tokens from Auth0. I am using Tyk version 4.1.0.
I have an API set up in which the audience is also the client id in Auth0. However, when I try to use the token from Auth0 to access my API, the error I get is “Key not authorised”.
The Tyk logs show these messages:
[Nov 14 22:40:57] WARN JWT Invalid api_id=THX1138 api_name=petstore error=Validation error. Validation error. The provider https://proj-unknown.us.auth0.com/ does not have a client id matching any of the token audiences [zWozHYCcfaRWN3RfdlRT1mZfDZEoBNGR] mw=OpenIDMW org_id= origin=192.168.32.1 path=/petstore-test/pet/123
[Nov 14 22:40:57] WARN Attempted access with invalid key. api_id=THX1138 api_name=petstore key=****JWT] mw=OpenIDMW org_id= origin=192.168.32.1 path=/petstore-test/pet/123
I have a policy set up in the ./policies/policies.json file. The API.json file has keyless turned off, the issuer is in the providers list, and the client ID is tied to my policy.
What am I missing?
Thanks!
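Added example, not part of the original post and not Tyk's own code: a diagnostic that compares a token's `iss` and `aud` claims with the `openid_options.providers` section of a Tyk classic API definition, where each `client_ids` key is the base64-encoded client ID and the value is a policy ID. The issuer, client ID and policy ID are constructed sample values, the exact-string issuer comparison is an assumption, and the token is decoded without signature verification, for diagnosis only.

```python
import base64
import json


def jwt_claims(token):
    """Return the JWT payload claims. No signature check: diagnosis only."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token, api_def):
    """Compare the token's iss/aud with openid_options.providers."""
    claims = jwt_claims(token)
    aud = claims.get("aud", [])
    auds = [aud] if isinstance(aud, str) else list(aud)
    providers = api_def.get("openid_options", {}).get("providers", [])
    matching = [p for p in providers if p.get("issuer") == claims.get("iss")]
    if not matching:
        return "issuer-mismatch"  # assumed exact string compare, trailing slash included
    keys = set()
    for p in matching:
        keys.update(p.get("client_ids") or {})
    if any(base64.b64encode(a.encode()).decode() in keys for a in auds):
        return "ok"
    if any(a in keys for a in auds):
        return "client-id-not-base64"  # raw client ID used as the map key
    return "audience-not-listed"


def sample_token(iss, aud):
    """Build an unsigned, constructed token for the demo."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"iss": iss, "aud": aud}), ""])


# Constructed sample values, not taken from the post.
ISS, CLIENT_ID, POLICY_ID = "https://example.auth0.com/", "constructed-client-id", "policy-1"
ENCODED = base64.b64encode(CLIENT_ID.encode()).decode()


def api_def(issuer, key):
    """Minimal constructed API definition with one provider and one client ID."""
    return {"openid_options": {"providers": [{"issuer": issuer, "client_ids": {key: POLICY_ID}}]}}


if __name__ == "__main__":
    tok = sample_token(ISS, CLIENT_ID)
    for d in (api_def(ISS, ENCODED), api_def(ISS, CLIENT_ID), api_def(ISS.rstrip("/"), ENCODED)):
        print(diagnose(tok, d))
```
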