Layer7 API Management

  • 1.  OAuth2 test client with OTK 3.6

    Posted Sep 08, 2017 04:46 PM

    I am also looking to use the API Gateway 9.2 as an OAuth2 Authorization Server with the OTK 3.6.  This is all done using a single container with the caapmi/gateway 9.2.00-7070_CR01 Docker image.  I went through all the steps as specified on the OTK Wiki as well as this handy Youtube video; however, when I use the OAuth2 test client with Authorization code, I got an "oob" scope back upon the handshake.  Upon granting access, I don't get back an access token.

     

    Any debugging tips or if I messed up somewhere?

     

    Thanks,

    Liem



  • 2.  Re: OAuth2 test client with OTK 3.6

    Posted Sep 11, 2017 10:41 AM

    Did you configure the token server for the testclient? If not your route in the client will fail and you won't get the token. 



  • 3.  Re: OAuth2 test client with OTK 3.6

    Posted Sep 11, 2017 12:23 PM

    Yes, I did modify the callback URLs and replace <YOUR_SSG> place-holder per the OTK Wiki.



  • 4.  Re: OAuth2 test client with OTK 3.6

    Broadcom Employee
    Posted Sep 12, 2017 05:00 PM

    Hi Liem. Restart the Gateway. The oob (out of bounds) scope should disappear.



  • 5.  Re: OAuth2 test client with OTK 3.6
    Best Answer

    Posted Sep 12, 2017 06:50 PM

    FYI... I figured out the problem (thanks to Derek Orr for pointing me in the right direction!).  For those who are using the OTK with the Docker form-factor of the API Gateway....

     

    The issue is because I am running the OTK test clients and OTK Authorization server on a Docker container.  The OTK test client tries to reach the Authorization server via the ${request.url.host}, which is the host's IP.  Of course, it cannot reach it because it is within the container.  So, my simple fix is to change the host_oauth2_auth_server properties to localhost (or whatever container IP you are running the Authorization server on) and it works!

     

    Cheers,

    Liem