Microgateway not working with OAuth

Experimenting with Micro Gateway on my MacOS 10.12.6 device. Was able to configure and get it working without OAuth. When I try to enable OAuth with API Key. I get a 401 Unauthorized invalid token:

curl -i http://localhost:8000/edgemicro_steve_proxy/ -H "x-api-key: redacted" HTTP/1.1 401 Unauthorized content-type: application/json Date: Thu, 05 Oct 2017 12:31:05 GMT Connection: keep-alive Content-Length: 25 Proxy-Connection: keep-alive {"error":"invalid_token"}

I have 2 colleague with Micro gateway installed and same API key is successful on those 2 micro gateways. I've verified/copied their config yaml but still get invalid token.

Debug log shows this:

LIBP45P-16591WL:~ n0001010$ DEBUG=* /Users/n0001010/Downloads/microgateway257/node_modules/edgemicro/cli/edgemicro start -o internal -e sandbox -k redacted-s redacted -c /Users/n0001010/.edgemicro current nodejs version is v6.11.3 current edgemicro version is 2.5.7 apigee Operating without access to apigee-access +0ms info: jwk_public_keys download from null returned 200 undefined info: jwt_public_key download from https://sandbox.api.npx.lmig.com/edgemicro-auth/publicKey returned 200 OK info: products download from https://sandbox.api.npx.lmig.com/edgemicro-auth/products returned 200 OK info: config download from https://sandbox.api.npx.lmig.com/edgemicro/bootstrap/organization/internal/environment/sandbox returned 200 OKconnection': 'Keep-Alive', 'x-api-key': 'Ronbx6MFg6v7wHCDNvrBrYuZI49Xlw7U', connection: 'keep-alive', client_received_start_timestamp: 1507207864134 } GET /edgemicro_steve_proxy/ +0ms gateway:errors invalid_token +207ms

Here is the version:

LIBP45P-16591WL:~ n0001010$ DEBUG=* /Users/n0001010/Downloads/microgateway257/node_modules/edgemicro/cli/edgemicro start -o internal -e sandbox -k ea891fc9448d0ea505f126ed3a9d08ec6674b5c17384c756f1d8b6f7bd0d142e -s d31ba02320ad429d75c106efc61d304866ec144d504c5776decdc70f7b291de2 -c /Users/n0001010/.edgemicro current nodejs version is v6.11.3 current edgemicro version is 2.5.7 apigee Operating without access to apigee-access +0ms info: jwk_public_keys download from null returned 200 undefined info: jwt_public_key download from https://sandbox.api.npx.lmig.com/edgemicro-auth/publicKey returned 200 OK info: products download from https://sandbox.api.npx.lmig.com/edgemicro-auth/products returned 200 OK info: config download from https://sandbox.api.npx.lmig.com/edgemicro/bootstrap/organization/internal/environment/sandbox returned 200 OK

My collegues are running node version 8.5.X . I did try that version but still get same error.

Thanks for any insights on what the issue may be.

0 2 1,421
2 REPLIES 2

Former Community Member
Not applicable

My best guess at this point is there is a time sync issue between your laptop and the Apigee Server. Let me explain:

When you send an API Key to MG, a sideway call is made to the Apigee Edge org (that is running the edgemicro-auth proxy). The call returns (if the key is valid) a JWT with claims on what APIs/Products the API Key can access.

In your case, I think the JWT from Apigee (nbf or iat) is out of sync with your machine's time and therefore MG is rejecting the token.

Here is an option, In the config.yaml file, add the following;

oauth:
  allowNoAuthorization: true
  allowInvalidAuthorization: true
  gracePeriod: 10
  verify_api_key_url: 'https://amer-demo13-test.apigee.net/edgemicro-auth/verifyApiKey'

this should give you a 10 second gracePeriod.

That was the issue! That resolved the issue. Thanks.