Using OAuth Notifications URL

Imported Google Group message. Original thread at: Redirecting to Google Groups Import Date: 2016-01-19 21:17:04 +0000.
Sender:S. Alexander Zaman.
Date:Monday, 29 June 2015 19:25:12 UTC+1.

Hi Martin,

I am so close to getting things running, thanks to your help. :slight_smile:

I am currently at the point where I can get a token but I need a way to associate the token that I grabbed from tyk with the user that had to log in and confirm the authorization.

I thought this could probably be done with the webhook and “OAuth Notifications URL” feature, but I am a bit confused with how it works, but when I tried a login, it only returned the following information according to

== Begin post body == {“auth_code”:“lp6n-kjeTnqZkXA7kdI91A”,“new_oauth_token”:“wS2WCXlZS7mhtiYl5pybsA”,“refresh_token”:“XIYua6GgT-2xM-8D4YZapQ”,“old_refresh_token”:“”,“notification_type”:“new”}

== End post body == Upload contains PUT data: {“auth_code”:“lp6n-kjeTnqZkXA7kdI91A”,“new_oauth_token”:“wS2WCXlZS7mhtiYl5pybsA”,“refresh_token”:“XIYua6GgT-2xM-8D4YZapQ”,“old_refresh_token”:“”,“notification_type”:“new”}

What do you think would be a good way to connect the end user, who has logged in and permitted the client app to acceess the api, to the newly generated token.


Imported Google Group message.
Sender:Martin Buhr.
Date:Monday, 29 June 2015 20:16:32 UTC+1.

Hi Alex,

When your application processes the login and posts the data to Tyk, it will get a redirect URI and an auth_code, the auth_code is unique to a) the client and b) the user that just agreed to give the client ID access.

When the user approves the app and you get the auth_code and redirect URI, before doing the redirect, store the auth code alongside your user record.

When Tyk then approves the auth c ode to generate the token, it sends you the data you mentioned: the auth ode and the two tokens, you can use the auth code to find your user, and then associate the tokens appropriately.

It will also post to you when the refresh token is used, so that you can update your user record.

Hope that all makes sense - it’s rather convoluted with Oauth :-/


  • show quoted text -