Hi All,
I'm trying to publish an API to the developer's portal; however, I'm not able to authenticate.
My API uses oauth2. In my spec, I have the following security setting:
```yaml
security:
  - bearerAuth: []
...
securitySchemes:
  bearerAuth:
    type: oauth2
    flows:
      clientCredentials:
        tokenUrl: https://tui-prod-prod.apigee.net/oauth/client_credential/accesstoken?grant_type=client_credentials
        scopes: {}
```
I've created an app but, when I try to authenticate through the portal, I get an "Authorization failed" message.
The URL I'm using in tokenURL is the same I use to authenticate via Postman, and I'm able to retrieve access_token that way. It's only in the portal that it doesn't work. I've tried the URL both with '?grant_type=client_credentials' suffix and without.
Any suggestions on what I'm doing wrong or how to debug this?
Thanks.
Pedro
Can you open your browser's developer tools and see if there is any more info in the console log?
Hi Chris,
I enabled wire logging and could see that the problem was with CORS. I enabled CORS in my proxy as explained here, adding the OptionsPreflight flow and the NoRoute RouteRule, and now I can authenticate with the API. However, when I then try to access the API ('execute' button) I get a 401 Unauthorized response.
From the logs I can see that the Portal tries to send an OPTIONS request to the API, so I imagine this has to do with the CORS preflight, but it doesn't include the access token that has just been generated, so it fails the OAuth2 verification policy in the proxy. Any recommendation on what to do here?
Thanks.
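The situation described in the post above (a CORS preflight arriving without the access token and failing OAuth verification) as an added proxy-endpoint sketch that is not from the thread or from Apigee's own samples. It assumes an OAuthV2 verification policy named `Verify-OAuth-Token` and an AssignMessage policy named `Add-CORS`; those names, the base path and the target endpoint name are hypothetical.

```xml
<!-- Added example. Policy names, base path and target name are hypothetical. -->
<ProxyEndpoint name="default">
  <PreFlow name="PreFlow">
    <Request>
      <!-- Before: an unconditional step also runs for the preflight, which
           browsers send without an Authorization header, so it returns 401:
      <Step>
        <Name>Verify-OAuth-Token</Name>
      </Step>
      -->
      <!-- After: token verification is skipped only for OPTIONS; every
           GET/POST/PUT/DELETE still has to present a valid access token. -->
      <Step>
        <Name>Verify-OAuth-Token</Name>
        <Condition>request.verb != "OPTIONS"</Condition>
      </Step>
    </Request>
    <Response/>
  </PreFlow>
  <Flows>
    <!-- Answers a genuine preflight (Origin plus Access-Control-Request-Method)
         with the CORS response headers set by the Add-CORS policy. -->
    <Flow name="OptionsPreflight">
      <Condition>request.verb == "OPTIONS" AND request.header.origin != null AND request.header.Access-Control-Request-Method != null</Condition>
      <Request/>
      <Response>
        <Step>
          <Name>Add-CORS</Name>
        </Step>
      </Response>
    </Flow>
  </Flows>
  <HTTPProxyConnection>
    <BasePath>/v1/example</BasePath>
  </HTTPProxyConnection>
  <!-- A RouteRule with no TargetEndpoint: the preflight is answered by the
       proxy itself and never reaches the backend. Must precede the default. -->
  <RouteRule name="NoRoute">
    <Condition>request.verb == "OPTIONS" AND request.header.origin != null AND request.header.Access-Control-Request-Method != null</Condition>
  </RouteRule>
  <RouteRule name="default">
    <TargetEndpoint>default</TargetEndpoint>
  </RouteRule>
</ProxyEndpoint>
```

The `Add-CORS` policy has to list `Authorization` in `Access-Control-Allow-Headers`, otherwise the browser blocks the follow-up request that carries the bearer token. An OPTIONS request that lacks the preflight headers skips verification here and falls through to the default route, so the backend should not do any work on that verb.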
@pedro ivo dantas, @chris novak:
I'm also facing the same issue. If you guys found a solution, please help me here.
Thanks
Dhanunjaya
I think you are running into the dreaded OAuthV2 non-RFC-compliant issue. Check out this link: https://docs.apigee.com/api-platform/reference/policies/oauthv2-policy#non-rfc-compliant-behavior