Update OAuth metadata & Policy ID

We are running the headless open-source version 3.1.1 of Tyk API gateway.

I came across an API call that should allow us to update an OAuth client’s metadata and policy ID (see attached screenshot), I found the following issues:

  1. The API definition seems to be wrong, I had to change the path to /tyk/oauth/clients/<api_id>/<client_id> in order to make a successful call.
  2. Once running above call in postman when including the same policy_id as before (also seen in screenshot) I get the error “Policy access rights doesn’t contain API this OAuth client belongs to”.
    If I exclude the policy_id from the call it is successful but removes the policy from that OAuth client.

So what I’m wondering is if I’m doing something wrong or is this a bug in TYK’s API?

We will need to run this PUT call on existing OAuth clients to update the metadata and also update which policy the clients belongs to.



What about the content of your policy?
Does it contain your API definition in access rights?

This error literally happens when access_rights map inside policy does not have api_id specified in the URL.

Hope it helps!

Hi Leon, that would make sense if I was trying to change the policy_id for the specific oauth client. I get this error even when I leave the same policy_id it currently has. Therefore I can’t even update the metadata since the policy_id error shows up.

This check at the moment is running for both update and create actions, no matter if policy was updated or not.
Have you checked content of the policy and if it has proper api id inside?

it was a lil tricky since we have created an API called “oauth-api” where we always POST to authenticate users to get an access_token, all oauth clients are then created for oauth-api, this api however was not in my policies file, now I placed oauth-api in all policies and it works.

Thanks for pointing me in the right direction Leon!