Tyk OAuth2 client_credentials flow error: Couldn't use policy or key rules to create token, failing
I am using Tyk 2.2.0 for API management (oauth2, basic). I need to add the client_credentials OAuth2 flow to allowed_access_types.

To generate an access token through this new OAuth2 access type, I made the following changes:

- Create a Tyk API:
```json
{
  "name": "api_oauth_v2_oauth2",
  "api_id": "openApi",
  "org_id": "",
  "definition": { "location": "header", "key": "version" },
  "use_oauth2": true,
  "oauth_meta": {
    "allowed_access_types": [ "authorization_code", "refresh_token", "client_credentials" ],
    "allowed_authorize_types": [ "code", "token" ],
    "auth_login_redirect": "https://www.dev.docapost.io/dashboard/page/external/client/authorize"
  },
  "notifications": {
    "shared_secret": "",
    "oauth_on_keychange_url": "http://provisioning:8080/newton-provisioning-web/v1/external/notify"
  },
  "version_data": {
    "not_versioned": true,
    "versions": {
      "Default": {
        "name": "Default",
        "expires": "3000-01-02 15:04",
        "use_extended_paths": true,
        "extended_paths": {
          "ignored": [],
          "white_list": [
            {"path":"/users/mobiles/{smartPhoneId}/{pushToken}","method_actions":{"PUT":{"action":"no_action"},"DELETE":{"action":"no_action"}}},
            {"path":"/users","method_actions":{"GET":{"action":"no_action"}}},
            {"path":"/objects/boxnumber/{boxNumber}/serialnumber/{serialNumber}","method_actions":{"PUT":{"action":"no_action"},"GET":{"action":"no_action"},"DELETE":{"action":"no_action"}}},
            {"path":"/objects","method_actions":{"POST":{"action":"no_action"},"GET":{"action":"no_action"}}},
            {"path":"/data/boxnumber/{boxNumber}/serialnumber/{serialNumber}/code/{code}","method_actions":{"GET":{"action":"no_action"},"POST":{"action":"no_action"}}},
            {"path":"/data","method_actions":{"POST":{"action":"no_action"}}},
            {"path":"/shares","method_actions":{"GET":{"action":"no_action"},"POST":{"action":"no_action"},"DELETE":{"action":"no_action"}}},
            {"path":"/subscriptions/preconditions","method_actions":{"GET":{"action":"no_action"}}},
            {"path":"/subscriptions/{id}/suspend","method_actions":{"PUT":{"action":"no_action"}}},
            {"path":"/subscriptions/{id}/configure","method_actions":{"PUT":{"action":"no_action"}}},
            {"path":"/subscriptions/{id}/resume","method_actions":{"PUT":{"action":"no_action"}}},
            {"path":"/subscriptions/{id}/cancel","method_actions":{"PUT":{"action":"no_action"}}},
            {"path":"/subscriptions","method_actions":{"POST":{"action":"no_action"},"GET":{"action":"no_action"}}},
            {"path":"/objectmodels/{id}/partnerUri","method_actions":{"PUT":{"action":"no_action"}}},
            {"path":"/objectmodels","method_actions":{"POST":{"action":"no_action"},"GET":{"action":"no_action"}}},
            {"path":"/action","method_actions":{"POST":{"action":"no_action"}}},
            {"path":"/organizations/repositories","method_actions":{"GET":{"action":"no_action"},"PUT":{"action":"no_action"},"DELETE":{"action":"no_action"}}},
            {"path":"/repositories/{repositoryName}","method_actions":{"GET":{"action":"no_action"},"DELETE":{"action":"no_action"}}},
            {"path":"/repositories","method_actions":{"PUT":{"action":"no_action"}}},
            {"path":"/buckets/boxnumber/{boxNumber}/serialnumber/{serialNumber}/code/{code}","method_actions":{"GET":{"action":"no_action"}}},
            {"path":"/offers","method_actions":{"GET":{"action":"no_action"}}},
            {"path":"/pictures","method_actions":{"GET":{"action":"no_action"}}},
            {"path":"/authentication/two-factor/code/{code}","method_actions":{"PUT":{"action":"no_action"}}},
            {"path":"/authentication/two-factor/code","method_actions":{"POST":{"action":"no_action"}}},
            {"path":"/scripts/{serviceName}/{functionName}","method_actions":{"POST":{"action":"no_action"}}}
          ],
          "black_list": []
        }
      }
    }
  },
  "proxy": {
    "listen_path": "/hub/v2/",
    "target_url": "http://mediation:8080/mediation-api/v2/",
    "strip_listen_path": true
  },
  "enable_batch_request_support": false
}
```
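- Add a Tyk policy for this new API, openApi:

```json
{
  "default": {
    "access_rights": {
      "openApi": {
        "allowed_urls": [],
        "api_id": "openApi",
        "api_name": "moussiApi",
        "versions": [
          "Default"
        ]
      }
    },
    "active": true,
    "name": "Default",
    "rate": 100,
    "per": 1,
    "quota_max": 10000,
    "quota_renewal_rate": 3600,
    "tags": ["Startup Users"]
  }
}
```

- Modify tyk.conf to attach the policies by adding the following lines:

```json
{
  "policies": {
    "policy_source": "file",
    "policy_record_name": "./policies/policies.json"
  }
}
```

- Reload the Tyk configuration:

```sh
curl -X GET \
  -H 'x-tyk-authorization: 352d20ee67be67f6341b4c0605b044b8'
```

- Create a new OAuth client with the new API:

```sh
curl -X POST \
  -H 'Content-Type: application/json' \
  -H 'x-tyk-authorization: 352d20ee67be67f6341b4c0605b044b8' \
  -d '{ "api_id": "openApi", "redirect_uri": "" }'
```

- Generate the access token:

```sh
curl -X POST \
  -H 'Authorization: Basic MGFMYJBMyWuzymzkndLzdq0yzhjytlknwfiywiwn2e6t0dkau5qvxhzak10wxpobu9dmdbzvfkwtfrzme1huxrabvzot1drmu1qttbnalk0' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'client_id=0afb0fae3bfd43ed44c8ca9d5abab07a&client_secret=Ogjinjuxyjmtyznmo00YT0LTY0MGqtzmVHOWQ1MJM0MJY4&grant_type=client_credentials'
```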
I ran into this error when generating an access token with the client_credentials grant type:

```
{"error":"server_error","error_description":"The authorization server encountered an unexpected condition that prevented it from fulfilling the request."}
```

- Logs

```
time="Jan 8 13:29:53" level=info msg="Getting client ID:0afb0fae3bfd43ed44c8ca9d5abab07a"
time="Jan 8 13:29:54" level=info msg="[OAuth] Generating new token"
time="Jan 8 13:29:54" level=error msg="ERROR: Couldn't use policy or key rules to create token, failing"
```

```
time="Jan 10 08:45:54" level=info msg="Initiating reload"
time="Jan 10 08:45:54" level=info msg="Reload URL Structure - Scheduled"
time="Jan 10 08:46:04" level=info msg="Loading API Specification from /USR/newtprod/tyk/apps/app_api_oauth_v2_oauth2.json"
time="Jan 10 08:46:04" level=info msg="Detected 1 APIs"
time="Jan 10 08:46:04" level=info msg="Loading API configurations."
time="Jan 10 08:46:04" level=info msg="--> Loading API: api_oauth_v2_oauth2"
time="Jan 10 08:46:04" level=info msg="----> Tracking: (no host)"
time="Jan 10 08:46:04" level=info msg="----> Checking security policy: OAuth"
time="Jan 10 08:46:04" level=info msg="----> Setting Listen Path: /hub/v2/"
time="Jan 10 08:46:04" level=info msg="Loading uptime tests..."
time="Jan 10 08:46:04" level=info msg="Initialised API Definitions"
time="Jan 10 08:46:04" level=info msg="API reload complete"
time="Jan 10 08:59:24" level=info msg="Getting client ID:14b2ac609a35405169ee3804db1ab406"
time="Jan 10 08:59:24" level=info msg="[OAuth] Generating new token"
time="Jan 10 08:59:24" level=error msg="ERROR: Couldn't use policy or key rules to create token, failing"
```

Thanks, I have just completed full authentication with this OAuth2 access flow.

Note that you may need to restart the tyk service; a simple reload will not load new policies into memory.

I explained this in a post I published a few days ago.
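
A preflight check for the two files described in the question, as an added example that is not part of the original thread or Tyk's own code: it verifies that the API definition allows `client_credentials` and that an active policy references the same `api_id` and version names. The helper name `check_client_credentials` and the trimmed sample data are assumptions made for illustration; a clean result means only that the files agree with each other, not that the running gateway has loaded them.

```python
import json

# Constructed sample input, trimmed from the configuration in the question.
API_DEF = json.loads("""{
  "api_id": "openApi",
  "use_oauth2": true,
  "oauth_meta": {"allowed_access_types":
      ["authorization_code", "refresh_token", "client_credentials"]},
  "version_data": {"versions": {"Default": {"name": "Default"}}}
}""")
POLICIES = json.loads("""{
  "default": {
    "access_rights": {"openApi": {"api_id": "openApi", "versions": ["Default"]}},
    "active": true, "rate": 100, "per": 1
  }
}""")


def check_client_credentials(api_def, policies, grant="client_credentials"):
    """Hypothetical helper: list mismatches between the two files."""
    problems = []
    api_id = api_def.get("api_id")
    if not api_def.get("use_oauth2"):
        problems.append("use_oauth2 is not enabled on the API")
    allowed = api_def.get("oauth_meta", {}).get("allowed_access_types", [])
    if grant not in allowed:
        problems.append(f"{grant} missing from allowed_access_types")
    api_versions = set(api_def.get("version_data", {}).get("versions", {}))
    # Active policies whose access_rights reference this api_id.
    matching = {
        pid: rights
        for pid, pol in policies.items() if pol.get("active")
        for rights in pol.get("access_rights", {}).values()
        if rights.get("api_id") == api_id
    }
    if not matching:
        problems.append(f"no active policy grants access to api_id {api_id!r}")
    for pid, rights in matching.items():
        unknown = set(rights.get("versions", [])) - api_versions
        if unknown:
            problems.append(f"policy {pid!r} names unknown versions {sorted(unknown)}")
    return problems


if __name__ == "__main__":
    result = check_client_credentials(API_DEF, POLICIES)
    print(result or "API definition and policy file agree")
```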