webMethods

Authentication is failing for api

  • 1.  Authentication is failing for api

    Posted Tue August 06, 2024 07:32 AM

    Hi everyone,

    I am facing a very strange issue. When I create a token for an API, it works fine for 2-3 requests; after some time the gateway starts unauthorizing requests with the same token.
    I am using an OAuth2 token; token expiration is 1 hour.

    I have a clustered (3 nodes) API Gateway with a load balancer. Moreover, I observed the behavior and found that only 1 node is authorizing the requests and the other 2 nodes are unauthorizing the requests.

    Any help would be highly appreciated. Screenshot is attached below; the API is failing at the OAuth policy.

    Thanks

    Error message at policy:
    Bearer Realm = ‘Integration Server’,error = ‘invalid_token’, error_description = ‘The provided token is invalid or expired.’

    Scope matching failed for OAuth2


    #API-Gateway
    #webMethods
    #API-Management


  • 2.  RE: Authentication is failing for api

    Posted Tue August 06, 2024 01:31 PM

    Everyone,

    The issue is fixed with the help of a SAG Support person.
    The issue was occurring due to a corrupt scope. In my gateway there was a scope which got corrupted, and due to that scope authentication was failing for many APIs.
    In the IS server logs, the gateway was throwing a null pointer exception.


    #API-Management
    #API-Gateway
    #webMethods


  • 3.  RE: Authentication is failing for api

    Posted Fri August 09, 2024 03:34 PM

    I faced the issue again, and after more investigation I found that there was a null value in the scope. I don't know how it gets there, but the null value in the scope is causing this issue.
    So using the REST API I updated the scope, and then it worked fine.

    Endpoint to check scopes: http://gw_dns:port/rest/apigateway/scopes

    Update scope: http://gw_dns:port/rest/apigateway/scopes/scope_id_here_to_update

    Example JSON for null in scope before updating:

    {
      "id": "7632ce8b-9283-45ee-bb3a-d88750",
      "scopeName": "local:api_auth",
      "scopeDescription": "Authenticate for apis",
      "audience": "",
      "apiScopes": [
        "3dcde1ee-aa59-4f22-9126-197fdb7",
        "594d603e-ef17-4282-a7ab-091a2cb36",
        "7e363081-b51b-4b48-bed2-41c90baa",
        null,
        "6948e2ff-01c9-486a-8c68-909d9b75",
        "c5a89571-2bc2-49a5-86ce-f2a37f7a",
        "32fe4dee-143c-4cb6-a4a5-fce4332e"
      ],
      "requiredAuthScopes": [
        {
          "authServerAlias": "local",
          "scopeName": "api_auth"
        }
      ]
    }
    

    Example scope JSON after updating:

    {
      "id": "7632ce8b-9283-45ee-bb3a-d88750",
      "scopeName": "local:api_auth",
      "scopeDescription": "Authenticate for apis",
      "audience": "",
      "apiScopes": [
        "3dcde1ee-aa59-4f22-9126-197fdb7",
        "594d603e-ef17-4282-a7ab-091a2cb36",
        "7e363081-b51b-4b48-bed2-41c90baa",
        "6948e2ff-01c9-486a-8c68-909d9b75",
        "c5a89571-2bc2-49a5-86ce-f2a37f7a",
        "32fe4dee-143c-4cb6-a4a5-fce4332e"
      ],
      "requiredAuthScopes": [
        {
          "authServerAlias": "local",
          "scopeName": "api_auth"
        }
      ]
    }
    

    #API-Gateway
    #API-Management
    #webMethods
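
Added example, not part of the original posts and not webMethods code: a small audit that finds null entries in scope objects shaped like the JSON in post 3 and builds the corrected body for the update endpoint named there. It assumes the scopes have already been fetched and reduced to a list of scope objects; the function names and sample IDs are hypothetical, and the check is generalized to any list-valued field rather than only apiScopes.

```python
import copy
import json

# Constructed sample in the shape of the scope object posted above
# (IDs are hypothetical placeholders, not values from a real gateway).
SAMPLE_SCOPES = json.loads("""
[
  {"id": "scope-1", "scopeName": "local:api_auth",
   "apiScopes": ["api-a", null, "api-b"],
   "requiredAuthScopes": [{"authServerAlias": "local", "scopeName": "api_auth"}]},
  {"id": "scope-2", "scopeName": "local:reports",
   "apiScopes": ["api-c"],
   "requiredAuthScopes": [{"authServerAlias": "local", "scopeName": "reports"}]}
]
""")


def null_entries(scope):
    """Map each list-valued field of a scope to the indexes holding null."""
    found = {}
    for field, value in scope.items():
        if isinstance(value, list):
            idx = [i for i, item in enumerate(value) if item is None]
            if idx:
                found[field] = idx
    return found


def cleaned(scope):
    """Return a deep copy of the scope with null list entries dropped."""
    fixed = copy.deepcopy(scope)
    for field, value in fixed.items():
        if isinstance(value, list):
            fixed[field] = [item for item in value if item is not None]
    return fixed


def audit(scopes):
    """Return {scope id: (null positions, corrected body)} for bad scopes only."""
    report = {}
    for scope in scopes:
        bad = null_entries(scope)
        if bad:
            report[scope["id"]] = (bad, cleaned(scope))
    return report


if __name__ == "__main__":
    for scope_id, (bad, body) in audit(SAMPLE_SCOPES).items():
        print(scope_id, "null entries at", bad)
        print(json.dumps(body, indent=2))
```

Running the same audit on a schedule against the scopes listing gives an early signal before the OAuth policy starts returning invalid_token for valid tokens.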