Authentication is failing for api

mhaseeb.tariq · August 6, 2024, 11:31am

Hy everyone,

I am facing a very strange issue. When i create token for a API it works fine for 2-3 request after some times the gateway starts unauthorizing request with the same token.
Am using Oauth2 token, token expiration is 1 hour.

I have clustered(3 Nodes) API Gateway with load balancer. Moreover I observed the behavior and found that only 1 Node is authorizing the requests and other 2 Nodes are unauthorizing the requests.

any help would be highly appreciated. Screenshot is attached below, API is failing at OAuth policy.

Thanks

error message at policy :
Bearer Realm = ‘Integration Server’,error = ‘invalid_token’, error_description = ‘The provided token is invalid or expired.’

Scope matching failed for OAuth2

mhaseeb.tariq · August 6, 2024, 5:31pm

Everyone,

The issue is fixed with the help of SAG Support person.
The issue was occurring due to the corrupt scope. In my gateway there was a scop which got corrupted due to that scope authentication was failing for many apis.
In the IS server Logs gateway was throwing null pointer exception.

mhaseeb.tariq · August 9, 2024, 7:34pm

I faced the issue again and after more investigation I found that there was null value in scope. I don’t know how it gets there but the null value in scope is causing this issue.
so using rest API i updated the scope and then its worked fine.

endpoint to check Scopes : http://gw_dns:port/rest/apigateway/scopes

Update Scope : http://gw_dns:port/rest/apigateway/scopes/scope_id_here_to_update

example Json for null in scope before updating

{
	"id": "7632ce8b-9283-45ee-bb3a-d88750",
	"scopeName": "local:api_auth",
	"scopeDescription": "Authenticate for apis",
	"audience": "",
	"apiScopes": [
		"3dcde1ee-aa59-4f22-9126-197fdb7",
		"594d603e-ef17-4282-a7ab-091a2cb36",
		"7e363081-b51b-4b48-bed2-41c90baa",
		null,
		"6948e2ff-01c9-486a-8c68-909d9b75",
		"c5a89571-2bc2-49a5-86ce-f2a37f7a",
		"32fe4dee-143c-4cb6-a4a5-fce4332e"
	],
	"requiredAuthScopes": [
		{
			"authServerAlias": "local",
			"scopeName": "api_auth"
		}
	]
}

example scope Json after updating

{
	"id": "7632ce8b-9283-45ee-bb3a-d88750",
	"scopeName": "local:api_auth",
	"scopeDescription": "Authenticate for apis",
	"audience": "",
	"apiScopes": [
		"3dcde1ee-aa59-4f22-9126-197fdb7",
		"594d603e-ef17-4282-a7ab-091a2cb36",
		"7e363081-b51b-4b48-bed2-41c90baa",
		"6948e2ff-01c9-486a-8c68-909d9b75",
		"c5a89571-2bc2-49a5-86ce-f2a37f7a",
		"32fe4dee-143c-4cb6-a4a5-fce4332e"
	],
	"requiredAuthScopes": [
		{
			"authServerAlias": "local",
			"scopeName": "api_auth"
		}
	]
}

Topic		Replies	Views
Securing APIs using OAuth 2 in API Gateway Knowledge base webMethods , API-Management , API-Gateway	4	19892	August 13, 2023
Any one did oAuth2 Authentication with Azure AD as External Authorization in API GW webMethods , API-Management , API-Gateway , oauth2 , Azure-Authorization-Server , webMethods-API-GW	8	684	August 13, 2024
Application access tokens do not match across cluster webMethods , API-Management , API-Gateway	4	470	February 10, 2024
Authenticating webMethods.io API Gateway APIs using OKTA as authorization server for OAuth mechanism Knowledge base webMethods , API-Management , API-Gateway	3	2421	February 12, 2024
API Gateway 10.7 OAuth token expiry date/time issue webMethods , API-Management , API-Gateway	4	1589	January 10, 2022

Authentication is failing for api

Related topics