What is the current state of OpenID Connect support?

From this page in the documentation it would seem that OpenID Connect is fully supported, but this blog post sort of implies that it is in fact not?
I previously had a problem with Tyk returning “access to this api has been disallowed” for the OpenID Connect configured API. Sometimes restarting Tyk and the dashboard fixed the problem.
Recently updated to dashboard 1.3.9 and gateway 2.3.10. Now I get the error message “{ “error”: “Key has expired, please renew” }” on non-expired keys until they actually expire, and then the error message changes to “{ “error”: “Key not authorised” }”.

I created the api by:

  1. Creating an api in the dashboard and setting the authentication mode to “Open ID Connect”
  2. Create a policy for the API from step 1.
  3. Edit the API from step one and add the policy and my Google Client ID.

So what is up with this behaviour?

Hi - the docs are accurate - Tyk does support OIDC (I think that blog post is very old)

Just to confirm, did you follow this from the documentation:

Setting up OIDC

To set up an API Definition to use OIDC, add the following block to the definition, and ensure no other access methods are enabled:

"use_openid": true,
"openid_options": {
    "providers": [
        {
            "issuer": "accounts.google.com",
            "client_ids": {
                "MTIzNDU2Nzc4OQ==": "5654566b30c55e3904000003"
            }
        }
    ],
    "segregate_by_client": false
}

use_openid: Set to true to enable the OpenID Connect check.
openid_options.providers: A list of authorised providers and their client IDs/Matched Policies.
openid_options.providers.client_ids: The list of client IDs and policy IDs to apply to users thereof. Note: Client IDs are Base64 encoded, so the map is base64(clientid):policy_id. When a valid user appears from a matching IDP/Client ID, the policy listed in this entry will be applied to their token across OIDC ID Tokens.
openid_options.segregate_by_client: Enable this to have the policy applied to the combination of the User ID AND the Client ID. For example:

If disabled: when alice uses the mobile app to log into the API, Tyk applies the same rate limit and access rules as if she had logged in via the web app or the desktop client.
If enabled: when alice uses the mobile app to log into the API, Tyk applies different rate limit and access rules than if she had logged in via the web app or the desktop client, in fact, each client and user combination will have its own internal representation.

Yes, I followed that guide. Here is the relevant segment from my Tyk definition, but with my b64 encoded client ID replaced:

"use_basic_auth": false,
"enable_jwt": false,
"use_standard_auth": false,
"use_keyless": false,
"use_oauth2": false,
"use_openid": true,
"openid_options": {
    "providers": [
        {
            "issuer": "accounts.google.com",
            "client_ids": {
                "ZHVtbXk=": "59fb196bf5b4e20001ad77cb"
            }
        }
    ],
    "segregate_by_client": false
},
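
An added example (not part of the thread and not Tyk's own code): a Python check of the documented base64(clientid):policy_id mapping against an ID token's `iss`, `aud` and `exp` claims, which helps tell a configuration mismatch apart from a genuinely expired token. It assumes the client ID is the token's `aud` claim, as in standard OIDC ID tokens, and that issuers are compared with the `https://` scheme ignored; how the gateway itself performs the comparison is not shown in this thread.

```python
import base64, binascii, json, time

OTHER_AUTH = ("use_basic_auth", "enable_jwt", "use_standard_auth",
              "use_keyless", "use_oauth2")
# Constructed sample built from the fragment posted above ("ZHVtbXk=" is base64 of "dummy").
SAMPLE_DEF = {"use_keyless": False, "use_openid": True, "openid_options": {
    "providers": [{"issuer": "accounts.google.com",
                   "client_ids": {"ZHVtbXk=": "59fb196bf5b4e20001ad77cb"}}],
    "segregate_by_client": False}}

def check_definition(api_def):
    """List problems in the OIDC part of an API definition."""
    problems = [f"{f} is enabled alongside use_openid"
                for f in OTHER_AUTH if api_def.get(f)]
    if not api_def.get("use_openid"):
        problems.append("use_openid is not true")
    for prov in api_def.get("openid_options", {}).get("providers", []):
        for key, policy in prov.get("client_ids", {}).items():
            try:
                base64.b64decode(key, validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                problems.append(f"client_ids key {key!r} is not valid base64")
            if not policy:
                problems.append(f"client_ids key {key!r} has no policy ID")
    return problems

def jwt_claims(id_token):
    """Decode the claims segment WITHOUT verifying the signature (diagnostics only)."""
    seg = id_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def match_policy(api_def, claims, now=None):
    """Return (policy_id or None, reason) for a set of ID token claims."""
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return None, "ID token exp is in the past"
    # Assumption: issuers are compared with the https:// scheme ignored.
    iss = str(claims.get("iss", "")).removeprefix("https://")
    aud = claims.get("aud")
    for prov in api_def["openid_options"]["providers"]:
        if prov["issuer"].removeprefix("https://") != iss:
            continue
        for client in (aud if isinstance(aud, list) else [aud]):
            key = base64.b64encode(str(client).encode()).decode()
            if key in prov["client_ids"]:
                return prov["client_ids"][key], f"matched client ID {client}"
        return None, "issuer matched, but aud is not in client_ids"
    return None, f"no provider configured for issuer {iss!r}"
```

Run `match_policy(definition, jwt_claims(token))` with the real definition and a freshly issued ID token; a `None` result with an `aud` or issuer reason points at the `client_ids` map rather than at token lifetime.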