1

我使用 Tyk 2.2.0 作为 api 管理 oauth2,基本,我需要将client_credentialsoauth2 流添加为allowed_access_types. 为了通过这种新的 oauth2 访问类型生成访问令牌,我进行了以下更改:

  • 创建一个 Tyk Api:

    {
"name": "api_oauth_v2_oauth2",
"api_id": "openApi",
"org_id": "",
"definition": {
    "location": "header",
    "key": "version"
},
"use_oauth2": true,
"oauth_meta": {
    "allowed_access_types": [
        "authorization_code",
        "refresh_token",
        "client_credentials"
    ],
    "allowed_authorize_types": [
        "code",
        "token"
    ],
    "auth_login_redirect": "https://www.dev.docapost.io/dashboard/page/external/client/authorize"
},

"notifications": {
    "shared_secret": "",
    "oauth_on_keychange_url": "http://provisioning:8080/newton-provisioning-web/v1/external/notify"
},

"version_data": {
    "not_versioned": true,
    "versions": {
        "Default": {
            "name": "Default",
            "expires": "3000-01-02 15:04",
            "use_extended_paths": true,
            "extended_paths": {
                "ignored": [],
                "white_list": [
                            {"path":"/users/mobiles/{smartPhoneId}/{pushToken}","method_actions":{"PUT":{"action":"no_action"},"DELETE":{"action":"no_action"}}},                        
                            {"path":"/users","method_actions":{"GET":{"action":"no_action"}}},                        
                            {"path":"/objects/boxnumber/{boxNumber}/serialnumber/{serialNumber}","method_actions":{"PUT":{"action":"no_action"},"GET":{"action":"no_action"},"DELETE":{"action":"no_action"}}},                        
                            {"path":"/objects","method_actions":{"POST":{"action":"no_action"},"GET":{"action":"no_action"}}},                        
                            {"path":"/data/boxnumber/{boxNumber}/serialnumber/{serialNumber}/code/{code}","method_actions":{"GET":{"action":"no_action"},"POST":{"action":"no_action"}}},                        
                            {"path":"/data","method_actions":{"POST":{"action":"no_action"}}},                        
                            {"path":"/shares","method_actions":{"GET":{"action":"no_action"},"POST":{"action":"no_action"},"DELETE":{"action":"no_action"}}},                        
                            {"path":"/subscriptions/preconditions","method_actions":{"GET":{"action":"no_action"}}},                        
                            {"path":"/subscriptions/{id}/suspend","method_actions":{"PUT":{"action":"no_action"}}},                        
                            {"path":"/subscriptions/{id}/configure","method_actions":{"PUT":{"action":"no_action"}}},                        
                            {"path":"/subscriptions/{id}/resume","method_actions":{"PUT":{"action":"no_action"}}},                        
                            {"path":"/subscriptions/{id}/cancel","method_actions":{"PUT":{"action":"no_action"}}},                        
                            {"path":"/subscriptions","method_actions":{"POST":{"action":"no_action"},"GET":{"action":"no_action"}}},                        
                            {"path":"/objectmodels/{id}/partnerUri","method_actions":{"PUT":{"action":"no_action"}}},                        
                            {"path":"/objectmodels","method_actions":{"POST":{"action":"no_action"},"GET":{"action":"no_action"}}},                        
                            {"path":"/action","method_actions":{"POST":{"action":"no_action"}}},                        
                            {"path":"/organizations/repositories","method_actions":{"GET":{"action":"no_action"},"PUT":{"action":"no_action"},"DELETE":{"action":"no_action"}}},                        
                            {"path":"/repositories/{repositoryName}","method_actions":{"GET":{"action":"no_action"},"DELETE":{"action":"no_action"}}},                        
                            {"path":"/repositories","method_actions":{"PUT":{"action":"no_action"}}},                        
                            {"path":"/buckets/boxnumber/{boxNumber}/serialnumber/{serialNumber}/code/{code}","method_actions":{"GET":{"action":"no_action"}}},                        
                            {"path":"/offers","method_actions":{"GET":{"action":"no_action"}}},                        
                            {"path":"/pictures","method_actions":{"GET":{"action":"no_action"}}},                        
                            {"path":"/authentication/two-factor/code/{code}","method_actions":{"PUT":{"action":"no_action"}}},                        
                            {"path":"/authentication/two-factor/code","method_actions":{"POST":{"action":"no_action"}}},                        
                            {"path":"/scripts/{serviceName}/{functionName}","method_actions":{"POST":{"action":"no_action"}}}                        ],
                "black_list": []
            }
        }
    }
},
"proxy": {
    "listen_path": "/hub/v2/",
    "target_url": "http://mediation:8080/mediation-api/v2/",
    "strip_listen_path": true
},

"enable_batch_request_support": false

    }

  • 将 tyk 策略添加到这个新的 api openApi:

    {“默认”:{“access_rights”:{“openApi”:{“allowed_urls”:[],“api_id”:“openApi”,“api_name”:“moussiApi”,“版本”:[“默认”]}} , "active": true, "name": "default", "rate": 100, "per": 1, "quota_max": 10000, "quota_renewal_rate": 3600, "tags": ["Startup Users"] } }

  • 通过添加此行修改 tyk.conf 以附加策略

    {"policies": {
"policy_source": "file”,
"policy_record_name": "./policies/policies.json"
}

    }

  • 重新加载 Tyk 配置

    curl -X GET \ http://localhost:8082/tyk/reload/ -H 'x-tyk-authorization: 352d20ee67be67f6341b4c0605b044b8'

  • 使用新的 Api 创建新的 Oauth 客户端

    curl -X POST \ http://localhost:8082/tyk/oauth/clients/create -H 'content-type: application/json' -H 'x-tyk-authorization: 352d20ee67be67f6341b4c0605b044b8' -d '{ "api_id": “openApi”,“redirect_uri”:“ http://www.myuri.fr ”}'

  • 生成访问令牌:

    curl -X POST \ http://localhost:8082/hub/v2/oauth/token/ -H 'authorization: Basic MGFmYjBmYWUzYmZkNDNlZDQ0YzhjYTlkNWFiYWIwN2E6T0dKaU5qVXhZak10WXpObU9DMDBZVFkwTFRZME1HUXRabVZoT1dRMU1qTTBNalk0' -H 'content-type: application/x-www-form-urlencoded' -d 'client_id =0afb0fae3bfd43ed44c8ca9d5abab07a&client_secret=OGJiNjUxYjMtYzNmOC00YTY0LTY0MGQtZmVhOWQ1MjM0MjY4&grant_type=client_credentials'

client_credentials不幸的是,我在生成授权类型的访问令牌时遇到了这个错误:

{"error":"server_error","error_description":"The authorization server encountered an unexpected condition that prevented it from fulfilling the request."}


time="Jan  8 13:29:53" level=info msg="Getting client ID:0afb0fae3bfd43ed44c8ca9d5abab07a" 
time="Jan  8 13:29:54" level=info msg="[OAuth] Generating new token" 
time="Jan  8 13:29:54" level=error msg="ERROR: Couldn't use policy or key rules to create token, failing"
  • 日志
time="Jan 10 08:45:54" level=info msg="Initiating reload" 
time="Jan 10 08:45:54" level=info msg="Reload URL Structure - Scheduled" 
time="Jan 10 08:46:04" level=info msg="Loading API Specification from /USR/newtprod/tyk/apps/app_api_oauth_v2_oauth2.json" 
time="Jan 10 08:46:04" level=info msg="Detected 1 APIs" 
time="Jan 10 08:46:04" level=info msg="Loading API configurations." 
time="Jan 10 08:46:04" level=info msg="--> Loading API: api_oauth_v2_oauth2" 
time="Jan 10 08:46:04" level=info msg="----> Tracking: (no host)" 
time="Jan 10 08:46:04" level=info msg="----> Checking security policy: OAuth" 
time="Jan 10 08:46:04" level=info msg="----> Setting Listen Path: /hub/v2/" 
time="Jan 10 08:46:04" level=info msg="Loading uptime tests..." 
time="Jan 10 08:46:04" level=info msg="Initialised API Definitions" 
time="Jan 10 08:46:04" level=info msg="API reload complete" 
time="Jan 10 08:59:24" level=info msg="Getting client ID:14b2ac609a35405169ee3804db1ab406" 
time="Jan 10 08:59:24" level=info msg="[OAuth] Generating new token" 
time="Jan 10 08:59:24" level=error msg="ERROR: Couldn't use policy or key rules to create token, failing"

请有任何想法。谢谢

4

1 回答 1

1

我刚刚使用此 Oauth2 访问流程完成了完整的身份验证。

请注意,您可能必须重新启动 tyk 服务,简单的重新加载不会将新策略加载到内存中。

我在几天前发布的一篇文章中对此进行了说明。

https://dzone.com/articles/tyk-management-api-oauth2-client-credentials-flow

于 2018-01-23T09:59:13.023 回答