Hi everyone,
I am facing a very strange issue. When I create a token for an API, it works fine for 2-3 requests; after some time the gateway starts unauthorizing requests with the same token.
I am using an OAuth2 token; token expiration is 1 hour.
I have a clustered (3 nodes) API Gateway with a load balancer. Moreover, I observed the behavior and found that only 1 node is authorizing the requests and the other 2 nodes are unauthorizing the requests.
Any help would be highly appreciated. A screenshot is attached below; the API is failing at the OAuth policy.
Thanks
Error message at policy:
Bearer Realm = ‘Integration Server’,error = ‘invalid_token’, error_description = ‘The provided token is invalid or expired.’
Scope matching failed for OAuth2
Everyone,
The issue is fixed with the help of a SAG Support person.
The issue was occurring due to a corrupt scope. In my gateway there was a scope which got corrupted; due to that scope, authentication was failing for many APIs.
In the IS server logs, the gateway was throwing a null pointer exception.
I faced the issue again, and after more investigation I found that there was a null value in the scope. I don’t know how it gets there, but the null value in the scope is causing this issue.
So, using the REST API, I updated the scope and then it worked fine.
Endpoint to check scopes: http://gw_dns:port/rest/apigateway/scopes
Update scope: http://gw_dns:port/rest/apigateway/scopes/scope_id_here_to_update
Example JSON for null in scope before updating:
{
  "id": "7632ce8b-9283-45ee-bb3a-d88750",
  "scopeName": "local:api_auth",
  "scopeDescription": "Authenticate for apis",
  "audience": "",
  "apiScopes": [
    "3dcde1ee-aa59-4f22-9126-197fdb7",
    "594d603e-ef17-4282-a7ab-091a2cb36",
    "7e363081-b51b-4b48-bed2-41c90baa",
    null,
    "6948e2ff-01c9-486a-8c68-909d9b75",
    "c5a89571-2bc2-49a5-86ce-f2a37f7a",
    "32fe4dee-143c-4cb6-a4a5-fce4332e"
  ],
  "requiredAuthScopes": [
    {
      "authServerAlias": "local",
      "scopeName": "api_auth"
    }
  ]
}
Example scope JSON after updating:
{
  "id": "7632ce8b-9283-45ee-bb3a-d88750",
  "scopeName": "local:api_auth",
  "scopeDescription": "Authenticate for apis",
  "audience": "",
  "apiScopes": [
    "3dcde1ee-aa59-4f22-9126-197fdb7",
    "594d603e-ef17-4282-a7ab-091a2cb36",
    "7e363081-b51b-4b48-bed2-41c90baa",
    "6948e2ff-01c9-486a-8c68-909d9b75",
    "c5a89571-2bc2-49a5-86ce-f2a37f7a",
    "32fe4dee-143c-4cb6-a4a5-fce4332e"
  ],
  "requiredAuthScopes": [
    {
      "authServerAlias": "local",
      "scopeName": "api_auth"
    }
  ]
}
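
An added example, not part of the original posts and not Software AG code: a check that finds scopes whose `apiScopes` list contains a null (or any other non-string entry) and builds the cleaned body for the update endpoint. It assumes the output of the scopes endpoint has already been saved and parsed into a list of scope objects shaped like the one above; the function names and the second sample scope are hypothetical.

```python
import copy
import json

# Constructed input: a shortened copy of the post's "before" scope plus one
# healthy scope whose id is made up for this example.
SCOPES = json.loads("""
[
  {"id": "7632ce8b-9283-45ee-bb3a-d88750", "scopeName": "local:api_auth",
   "apiScopes": ["3dcde1ee-aa59-4f22-9126-197fdb7", null,
                 "6948e2ff-01c9-486a-8c68-909d9b75"],
   "requiredAuthScopes": [{"authServerAlias": "local", "scopeName": "api_auth"}]},
  {"id": "constructed-healthy-scope", "scopeName": "local:other",
   "apiScopes": ["c5a89571-2bc2-49a5-86ce-f2a37f7a"],
   "requiredAuthScopes": [{"authServerAlias": "local", "scopeName": "other"}]}
]
""")


def bad_entries(scope):
    """Indexes in apiScopes that are not non-empty strings (null, "", numbers)."""
    entries = scope.get("apiScopes") or []
    return [i for i, e in enumerate(entries)
            if not (isinstance(e, str) and e.strip())]


def find_corrupt_scopes(scopes):
    """Map scope id -> bad indexes, only for scopes with at least one bad entry."""
    return {s.get("id"): idx for s in scopes if (idx := bad_entries(s))}


def repaired(scope):
    """Copy of the scope with bad apiScopes entries dropped, order preserved."""
    fixed = copy.deepcopy(scope)
    bad = set(bad_entries(scope))
    fixed["apiScopes"] = [e for i, e in enumerate(scope.get("apiScopes") or [])
                          if i not in bad]
    return fixed


if __name__ == "__main__":
    corrupt = find_corrupt_scopes(SCOPES)
    for scope in SCOPES:
        if scope["id"] in corrupt:
            print("corrupt:", scope["scopeName"], "bad indexes", corrupt[scope["id"]])
            # Body to send to the update endpoint for this scope id.
            print(json.dumps(repaired(scope), indent=2))
```

Running the same check on a schedule against each gateway's scope list would surface a reappearing null before tokens start failing with `invalid_token`.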