This is a quick project that shows the Tyk OAuth request cycle from start to finish.
To try this project out:
- In your Tyk Gateway, create an API and call it `oauth2`
- Set the Access Method to "Oauth 2.0"
- Select "Allowed Access Types: Authorization codes"
- Select "Allowed Authorize Types: Authorization Code"
- Set the login redirect for this API to be: `http://localhost:8000/#`
- Take note of the API ID
- Add an OAuth client to it and set the redirect to be `http://localhost:8000/final`
- Take note of the client ID
- Create a policy that has access to this API, take note of the Policy ID
The .env file includes some default variable values. Update accordingly, as per your installation:
- Set `API_LISTENPATH` to `oauth2` (or whatever the listen path is for your OAuth API)
- Set `ORG_ID` to be your Org ID (Go to users -> select your user, it is under RPC credentials)
- Set `POLICY_ID` to be your policy ID
- Set `API_ID` to be your API ID
- Set `GATEWAY_URL` to be the host path to your gateway, e.g. `http://domain.com:port` (note no trailing slash). NB: If running as Docker, set `GATEWAY_URL` to `http://host.docker.internal:8080` or override it when running the container (see below)
- Set `ADMIN_SECRET` to the secret in your `tyk.conf`
- Set `CLIENT_ID` to the value of your client ID (can be overridden when you run the app)
- Set `REDIRECT_URI` to the redirect URI of your client (can be overridden when you run the app)
To run the app, you can either run it with Go:

```
go run *.go
```

Or, a Dockerfile is provided, so you can build a Docker image and run it as a container:

```
docker run -e GATEWAY_URL=http://host.docker.internal:8080 -p 8000:8000 --name <Docker-container-name> <Docker-image-name>
```

Then visit:
- Set the `Client ID` field to the value of your client ID
- Set the `Redirect URI` value to the one of your client

If you've set everything up correctly, you should be taken through a full OAuth authorisation code flow.
This app emulates two parties:
- The requester (client)
- The identity provider portal (your login page)
We make use of the Tyk REST API Authorization endpoint to complete the request cycle. You can see an API client in the `util.go` file.
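
The following is an added sketch, not code from this project's `util.go`, of the server-side call the login page role makes to the gateway's authorization endpoint once the user has logged in. The endpoint path, the `x-tyk-authorization` header, the `key_rules` fields and all type and function names are assumptions to check against your gateway version.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// Config mirrors the .env variables described above.
type Config struct {
	GatewayURL, ListenPath, AdminSecret, OrgID, PolicyID, ClientID, RedirectURI string
}

// AuthorizeRequest builds the login page's server-side call to the gateway, so
// ADMIN_SECRET never reaches the browser. It accepts only an exact match of the
// configured client ID and redirect. Assumed (not from the page): the endpoint
// path, the x-tyk-authorization header and the key_rules field names.
func AuthorizeRequest(c Config, clientID, redirectURI string) (*http.Request, error) {
	if c.AdminSecret == "" || strings.HasSuffix(c.GatewayURL, "/") {
		return nil, errors.New("ADMIN_SECRET unset or GATEWAY_URL has a trailing slash")
	}
	if clientID != c.ClientID || redirectURI != c.RedirectURI {
		return nil, fmt.Errorf("client %q / redirect %q not registered", clientID, redirectURI)
	}
	rules, err := json.Marshal(map[string]interface{}{"org_id": c.OrgID, "apply_policies": []string{c.PolicyID}})
	if err != nil {
		return nil, err
	}
	form := url.Values{"response_type": {"code"}, "client_id": {clientID}}
	form.Set("redirect_uri", redirectURI)
	form.Set("key_rules", string(rules))
	endpoint := c.GatewayURL + "/" + strings.Trim(c.ListenPath, "/") + "/tyk/oauth/authorize-client/"
	req, err := http.NewRequest(http.MethodPost, endpoint, strings.NewReader(form.Encode()))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("x-tyk-authorization", c.AdminSecret)
	return req, nil
}

func main() {
	c := Config{"http://localhost:8080", "oauth2", "constructed-secret", "org-id", "policy-id", "client-id", "http://localhost:8000/final"} // constructed values
	if req, err := AuthorizeRequest(c, c.ClientID, c.RedirectURI); err == nil {
		fmt.Println(req.Method, req.URL)
	}
}
```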