API Economy / API Management

Expand all | Collapse all

API Connect 2018 OAuth config error

  • 1.  API Connect 2018 OAuth config error

    Posted 10 days ago
    Hi team
    we are following the next tutorial https://www.ibm.com/support/knowledgecenter/en/SSMNED_2018/com.ibm.apic.apionprem.doc/tutorial_apionprem_oauth_passgrant.html
    but when go to "Test OAuth Security" section, specifically on point "9. Obtain an OAuth token. In this case, cURL is used to obtain the token using the following command."
    we receive the errorb629286.png error message

    Did any have the same issue?
    Ideas to test if OAuth was well configured?

    ------------------------------
    Carlos Quiroga Quiroga Technical Solutions Architect
    Technical Solutions Architect
    IBM
    Bogota
    (571) 390-1318
    ------------------------------


  • 2.  RE: API Connect 2018 OAuth config error

    Posted 9 days ago
    Yes.  I'm having the same issue on 2018.3.7.   Hopefully someone has resolved and can provide the resolution.  A similar setup on V5 works.

    ------------------------------
    Bryon Kataoka
    CTO
    Petaluma CA
    707-773-1198
    ------------------------------



  • 3.  RE: API Connect 2018 OAuth config error

    Posted 9 days ago
    While not having this same issue, I offer this advice, make sure you have at least 2 DataPower API Gateway containers running (scale the xxx-dynamic-gateway-service to 2 if not 3) and make sure all APIs including the OAuth providers have been published to your runtime.

    ------------------------------
    Devin Richards

    ------------------------------



  • 4.  RE: API Connect 2018 OAuth config error

    Posted 9 days ago
    Hi - Thanks for the response  A couple of questions.

    1. How do you ensure the backing API for OAuth Native is published?  I thought APIC was handling that for us and I never see a reference to the OAuth Native backing API.
    2. Are you saying we must have multiple gateways running?  Is that mentioned somewhere in the Knowledge Center?


    ------------------------------
    Bryon Kataoka
    CTO
    Petaluma CA
    707-773-1198
    ------------------------------



  • 5.  RE: API Connect 2018 OAuth config error

    Posted 9 days ago
    The native OAuth should get pushed, but not sure in v5 we had to add our custom providers to plans to get them to work.

    As for the DataPowers I missed the fact that you are using the "old" DataPower Gateway v5 
    with that you should directly connect to the XML Manager interface and upload the config
    with the "new" DataPower API Gateway there is an auto-peering that if configured requires more than 1 DataPower before it starts, but not really applicable in your case with a VM DataPower and not the docker image.

    Since all of the runtime is on the DataPower and that APIC servers are not really involved, you could go to the CMC and delete the existing DataPower Gateway v5  service, and go onto the DataPower management UI and make sure the Application Domain was deleted and then add it back in, as once it is back in the APIs should get pushed out to it.

    Side note I have had good luck with minikube based on JoelGauci/apicv2018 when using the --vm-driver=none option for playing with APIC locally

    ------------------------------
    Devin Richards

    ------------------------------



  • 6.  RE: API Connect 2018 OAuth config error

    Posted 9 days ago
    One thing that is odd to me the Firewall requirements
    https://www.ibm.com/support/knowledgecenter/SSMNED_2018/com.ibm.apic.install.doc/overview_apimgmt_portreqs.html

    for #7 they only list port 3000 which is for the "new" DataPower API Gateway the "old" DataPower Gateway v5 uses the XML Manager on port 5550

    here is the v5 reference
    https://www.ibm.com/support/knowledgecenter/SSMNED_5.0.0/com.ibm.apic.install.doc/overview_apimgmt_portreqs.html

    maybe check your firewall rules to open more ports?




    ------------------------------
    Devin Richards

    ------------------------------



  • 7.  RE: API Connect 2018 OAuth config error

    Posted 4 days ago
    Edited by Devin Richards 4 days ago
    I played around a bit with this on my setup in minikube and using the DataPower API Gateway so it is not exactly like you have setup but very close, and I did get an issue similar to yours.

    The problem is that when you are trying to get the token from the OAuth provider the URL you are using is not correct, by default the Developer Portal and test tool are putting in the BasePath of the API you are working on into the URL for the OAuth provider and it is not supposed to. (Needs a PMR!)

    in your example you are trying to curl
    curl -k https://apicapi-gateway-pt.appsptqa.ath.com.co/org-pt/sandbox/ibm-oauth-test/oauth2/token

    however looking at the tutorial the BasePath for the OAuth provider MainProviderOA is empty thus the token endpoint should be:
    curl -k https://apicapi-gateway-pt.appsptqa.ath.com.co/org-pt/sandbox/oauth2/token

    try that and see if it helps

    ------------------------------
    Devin Richards

    ------------------------------



  • 8.  RE: API Connect 2018 OAuth config error

    Posted 4 days ago
    Hi - we are about to open a PMR but I will give this a shot and then open the PMR.

    ------------------------------
    Bryon Kataoka
    CTO
    Petaluma CA
    707-773-1198
    ------------------------------



  • 9.  RE: API Connect 2018 OAuth config error

    Posted 3 days ago
    FYI I opened TS001498237 for the "Try it" button having the wrong OAuth endpoint


    ------------------------------
    Devin Richards

    ------------------------------