Can't authenticate API in developer's portal

anonymous · November 12, 2019, 10:37am

Hi All,

I’m trying to publish an API to the developer’s portal, however, I’m not able authenticate.

My API uses oauth2. In my spec, I have the following security setting:

security: 
  - bearerAuth: []  

...

securitySchemes:
    bearerAuth:
      type: oauth2
      flows:
        clientCredentials:
          tokenUrl: [https://tui-prod-prod.apigee.net/oauth/client_credential/accesstoken?grant_type=client_credentials](https://tui-prod-prod.apigee.net/oauth/client_credential/accesstoken?grant_type=client_credentials)
          scopes: {}

I’ve created an app but, when I try to authenticate through the portal, I get an “Authorization failed” message.

The URL I’m using in tokenURL is the same I use to authenticate via Postman, and I’m able to retrieve access_token that way. It’s only in the portal that it doesn’t work. I’ve tried the URL both with ‘?grant_type=client_credentials’ suffix and without.

Any suggestions on what I’m doing wrong or how to debug this?

Thanks.

Pedro

chrisnovak · November 12, 2019, 6:35pm

Can you open your browser’s developer tools and see if there is any more info in the console log?

anonymous · November 13, 2019, 3:49pm

Hi Chris,

I enabled wire logging and could see that the problem was with CORS. I enabled CORS in my proxy as explained here, adding the OptionsPreflight flow and the NoRoute RouteRule, and now I can authenticate with the API. However, when I then try to access the API (‘execute’ button) I get a 401 Unauthorized response.

From the logs I can see that the Portal tries to send a OPTIONS request to the API, so I imagine this has to do with the CORS preflight, but it doesn’t include the access token that has just been generated, so it fails the OAuth2 verification policy in the proxy. Any recommendation on what to do here?

Thanks.

anonymous · May 28, 2020, 9:45am

@pedro ivo dantas , @chris novak :

I’m also facing same issue. if you guys found solution, please help me here .

Thanks

Dhanunjaya

chrisnovak · May 28, 2020, 5:17pm

I think you are running into the dreaded OAuthV2 non RFC compliant issue, check out this link: https://docs.apigee.com/api-platform/reference/policies/oauthv2-policy#non-rfc-compliant-behavior

Topic		Replies	Views
Dev portal invocation - External OAuth Apigee developer-portal	1	0	October 12, 2018
Developer Portal SmartDocs oAuth issue Apigee developer-portal	4	3	February 7, 2019
Basic Authentication not working from Developer portal Apigee developer-portal	3	3	March 10, 2019

Can't authenticate API in developer's portal

AI Suggested topics