@letzya
Created December 17, 2018 18:12
This demonstrates how Tyk can act as the client in the OAuth2.0 client_credentials flow. Tyk requests an access_token, which is later forwarded to the backend service (in this case a local httpbin service), and then returns to the user the header it had sent to httpbin, i.e. the value of the Authorization header, as proof that the backend had re…
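/**
 * Tyk virtual-endpoint handler demonstrating the OAuth2.0 client_credentials
 * flow with Tyk acting as the OAuth client.
 *
 * Flow:
 *   1. POST the client credentials to the Auth0 token endpoint via
 *      TykMakeHttpRequest.
 *   2. If the authorization server (AS) answers 200, read access_token from
 *      its body and call the backend (local httpbin /get) with
 *      "Authorization: Bearer <token>".
 *   3. Reply to the user with the Authorization header that httpbin echoed
 *      back, as proof that the backend received it.
 *
 * If either upstream call does not return 200, that status code and a short
 * error text are returned instead; an upstream reply that is not valid JSON,
 * or an AS reply without an access_token, is reported as 502.
 *
 * The client_secret and the access_token are never written to the log, and
 * the Authorization header is stripped from any request echoed in an error
 * body, so the gateway log and the caller do not receive the credential.
 *
 * @param {object} request - inbound Tyk request object; only logged here.
 * @param {object} session - Tyk session; session.meta_data is handed to TykJsResponse.
 * @param {object} config  - virtual endpoint config; unused.
 * @returns {*} whatever TykJsResponse(responseObject, session.meta_data) returns.
 */
function auth0OAuthClientCredVirtualHandler (request, session, config) {
  // Tyk's JSVM is ES5, hence var and inner function declarations throughout.

  // Parse JSON text, returning null instead of throwing on malformed input.
  function parseJsonOrNull(text) {
    try {
      return JSON.parse(text);
    } catch (e) {
      return null;
    }
  }

  // Copy of an upstream request with the Body (holds the client_secret) and
  // any Authorization header (holds the bearer token) removed, so the copy
  // can be logged or echoed to the caller without leaking a credential.
  function redactRequest(req) {
    var safe = {};
    var headers = req.Headers || {};
    var key;
    for (key in req) {
      if (Object.prototype.hasOwnProperty.call(req, key) && key !== "Body" && key !== "Headers") {
        safe[key] = req[key];
      }
    }
    safe.Headers = {};
    for (key in headers) {
      if (Object.prototype.hasOwnProperty.call(headers, key) && key.toLowerCase() !== "authorization") {
        safe.Headers[key] = headers[key];
      }
    }
    return safe;
  }

  // Perform one upstream call through Tyk. Returns {code, body, requestLog};
  // code is 502 and body null when the gateway reply is not valid JSON.
  function callUpstream(req) {
    var reqStr = JSON.stringify(req);
    var requestLog = JSON.stringify(redactRequest(req));
    log("upstream request (redacted): " + requestLog);
    rawlog("--- Before get to upstream ---");
    var resp = parseJsonOrNull(TykMakeHttpRequest(reqStr));
    rawlog("--- After get to upstream ---");
    if (resp === null) {
      log("Malformed response from upstream. request was: " + requestLog);
      return { code: 502, body: null, requestLog: requestLog };
    }
    return { code: Number(resp.Code), body: resp.Body, requestLog: requestLog };
  }

  log("request object: " + JSON.stringify(request));
  log("---");

  // Step 1: token request to the AS. The Body carries the client_secret and is
  // therefore only ever logged in redacted form (see callUpstream).
  var oauthClientRequest = {
    "Method": "POST",
    "Body": "{\"client_id\":\"{PASTE-YOUR-OWN-CLIEND-ID}\",\"client_secret\":\"{PASTE-YOUR-OWN-CLIEND-SECRET}\",\"audience\":\"auth0-id\",\"grant_type\":\"client_credentials\"}",
    "Headers": {"content-type":"application/json"},
    "Domain": "https://{YOUR-ORG-NAME}.eu.auth0.com",
    "Resource": "/oauth/token"
  };
  var asResult = callUpstream(oauthClientRequest);
  log('oauthASRespCode: ' + asResult.code);

  var userRespCode = asResult.code;
  var userResponseBody = "empty body";

  if (asResult.code !== 200) {
    userResponseBody = "Error returned from AS (OAuth2.0 client credentials flow).";
    log("The request that was sent and failed to the AS: " + asResult.requestLog);
  } else {
    var tokenBody = parseJsonOrNull(asResult.body);
    var accessToken = tokenBody && tokenBody["access_token"];
    if (!accessToken) {
      userRespCode = 502;
      userResponseBody = "AS response did not contain an access_token.";
    } else {
      // Token value intentionally not logged.
      log("access_token received from AS");

      // Step 2: forward the token as a Bearer credential to the backend.
      var backendRequest = {
        "Method": "GET",
        "Headers": {"Authorization": "Bearer " + accessToken},
        "Domain": "http://0.0.0.0:80",
        "Resource": "/get"
      };
      var backendResult = callUpstream(backendRequest);
      userRespCode = backendResult.code;
      log('userRespCode: ' + userRespCode);

      if (userRespCode !== 200) {
        // requestLog is the redacted request: no bearer token reaches the caller.
        userResponseBody = "Error returned from backend. request was:" + backendResult.requestLog;
      } else {
        // httpbin echoes the headers it received; the demo returns that
        // Authorization value as proof the backend saw the token.
        var backendBody = parseJsonOrNull(backendResult.body);
        var echoedAuth = (backendBody && backendBody.headers) ? backendBody.headers["Authorization"] : null;
        userResponseBody = (echoedAuth != null) ? echoedAuth : "backend did not echo an Authorization header";
      }
    }
  }

  var responseObject = {
    Body: "access_token from body resp of a backend: " + userResponseBody,
    Headers: {
      "oauth-client": "client_credentials."
    },
    Code: userRespCode
  };
  rawlog('----');
  rawlog("Virtual endpoint about to end");
  rawlog('----');
  return TykJsResponse(responseObject, session.meta_data);
}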

letzya commented Jan 21, 2019

This demonstrates how Tyk can act as the client in the OAuth2.0 client_credentials flow. Tyk requests an access_token, which is later forwarded to the backend service (in this case a local httpbin service), and then returns to the user the header it had sent to httpbin, i.e. the value of the Authorization header, as proof that the backend had received that header.
