TwiN / gatus

⛑ Automated developer-oriented status page
https://gatus.io
Apache License 2.0

oauth2 token add to header as Bearer Token #334

Open dnltech2020 opened 2 years ago

dnltech2020 commented 2 years ago

Describe the bug

Need a way to add an Authorization header with the Bearer token that is obtained through the oauth2 configuration.

What do you see?

I keep seeing endpoint success=false. I have added the oauth2 configuration, which is correct, but the token needs to be added as a header: Authorization = Bearer

What do you expect to see?

Even with the oauth2 configuration I'm still seeing endpoint success=false.

List the steps that must be taken to reproduce this issue

Deploy the Helm chart, configure oauth2, add a POST endpoint for an API.

Version

v4.2.0

Additional information

none

Kloox commented 1 year ago

Hi,

I was testing gatus and found your issue (quite old but maybe my answer can help someone else).

I think you misunderstand the issue:

When you add a valid oauth2 configuration, if the /oauth/token endpoint (aka the token-url parameter) responds with a valid response (valid status code + access_token in the response payload), your endpoint test will not throw an error and will add the token in an Authorization: Bearer header.

However, it does not mean that the access token you just claimed has the permissions required to authenticate on the endpoint.

What seems most likely to me in your case is that your provider sent you an invalid token that will result in a 401/403 response. So you will have no errors but a fail status (because I assume your endpoint conditions expect a status code == 200 or something similar).

Why was I provided an invalid token? The answer can vary depending on your provider, but I can share my experience with GitLab SaaS OAuth2:

In my case, the only way to use the GitLab oauth2 with a client credentials grant type is to use your own GitLab instance and allow an instance-wide application which allows the client_credentials grant type.

If you are confused I suggest you read: https://datatracker.ietf.org/doc/html/rfc6749#section-1.3
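The distinction Kloox draws above, as an added example in Go (not code from the thread or from Gatus itself): a client_credentials token fetch followed by a Bearer-authenticated probe of the monitored endpoint, run against two constructed in-process servers so it works offline. The client ids app-allowed and app-limited, the secret, the /oauth/token and /v1/status paths, the "api.read" scope and the "tok-<client>" token format are all made up for the demo; a real provider's token-url, client credentials and scopes replace them.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// checkResult separates what the thread conflates: token obtained vs. token accepted.
type checkResult struct {
	TokenObtained  bool   // token-url answered 200 with a non-empty access_token
	EndpointStatus int    // status of the monitored endpoint, 0 if never reached
	Success        bool   // the Gatus-style condition "[STATUS] == 200"
	Err            string // token-endpoint or transport error, empty if none
}

// fetchClientCredentialsToken runs a client_credentials grant (RFC 6749 section 4.4) with HTTP Basic client auth.
func fetchClientCredentialsToken(c *http.Client, tokenURL, id, secret string, scopes []string) (string, error) {
	form := url.Values{"grant_type": {"client_credentials"}, "scope": {strings.Join(scopes, " ")}}
	req, err := http.NewRequest(http.MethodPost, tokenURL, strings.NewReader(form.Encode()))
	if err != nil {
		return "", err
	}
	req.SetBasicAuth(id, secret)
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	resp, err := c.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("token endpoint returned %d", resp.StatusCode)
	}
	var tr struct{ AccessToken string `json:"access_token"` } // RFC 6749 section 5.1 response field
	if err := json.NewDecoder(resp.Body).Decode(&tr); err != nil || tr.AccessToken == "" {
		return "", fmt.Errorf("token response lacks a usable access_token: %v", err)
	}
	return tr.AccessToken, nil
}

// runCheck mirrors the two-step behaviour described in the thread: obtain a token, attach it
// as "Authorization: Bearer <token>", call the monitored endpoint and evaluate the status
// condition. A 401/403 from the endpoint is a failed condition, not an error.
func runCheck(c *http.Client, tokenURL, endpointURL, id, secret string, scopes []string) checkResult {
	token, err := fetchClientCredentialsToken(c, tokenURL, id, secret, scopes)
	if err != nil {
		return checkResult{Err: err.Error()}
	}
	req, _ := http.NewRequest(http.MethodGet, endpointURL, nil)
	req.Header.Set("Authorization", "Bearer "+token)
	resp, err := c.Do(req)
	if err != nil {
		return checkResult{TokenObtained: true, Err: err.Error()}
	}
	resp.Body.Close()
	return checkResult{TokenObtained: true, EndpointStatus: resp.StatusCode, Success: resp.StatusCode == http.StatusOK}
}

// newDemoServers builds a constructed authorization server and resource server (test
// fixtures, not a real provider). Both registered clients can obtain a token, but the token
// only carries the scopes the provider granted that client, and the resource requires
// "api.read": "app-limited" therefore gets a valid token that the resource rejects with 403.
func newDemoServers() (authServer, resourceServer *httptest.Server) {
	const secret = "s3cr3t"
	granted := map[string]map[string]bool{"app-allowed": {"api.read": true}, "app-limited": {}}
	authServer = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		id, pw, ok := r.BasicAuth()
		if _, known := granted[id]; r.Method != http.MethodPost || !ok || !known || pw != secret || r.FormValue("grant_type") != "client_credentials" {
			w.WriteHeader(http.StatusUnauthorized) // bad client auth or grant (400/401 distinction elided)
			return
		}
		// The requested "scope" is ignored on purpose: the provider's policy for this client decides.
		w.Header().Set("Content-Type", "application/json")
		_ = json.NewEncoder(w).Encode(map[string]string{"access_token": "tok-" + id, "token_type": "Bearer"})
	}))
	resourceServer = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		auth := r.Header.Get("Authorization")
		scopes, known := granted[strings.TrimPrefix(auth, "Bearer tok-")] // demo tokens are "tok-<client>"
		switch {
		case !strings.HasPrefix(auth, "Bearer tok-") || !known:
			w.WriteHeader(http.StatusUnauthorized) // no credential, or not one this server issued
		case !scopes["api.read"]:
			w.WriteHeader(http.StatusForbidden) // genuine token, insufficient permission
		default:
			w.WriteHeader(http.StatusOK)
		}
	}))
	return authServer, resourceServer
}

func main() {
	auth, api := newDemoServers()
	for _, id := range []string{"app-allowed", "app-limited"} {
		fmt.Printf("%s: %+v\n", id, runCheck(http.DefaultClient, auth.URL+"/oauth/token", api.URL+"/v1/status", id, "s3cr3t", []string{"api.read"}))
	}
}
```

Running it prints one line per client: app-allowed obtains a token and the endpoint answers 200; app-limited obtains an equally well-formed token yet the endpoint answers 403, so a condition such as [STATUS] == 200 fails although the token step raised no error. When an endpoint with an oauth2 block reports success=false, the status the monitored endpoint returns to the Bearer token is the first thing to inspect, not the token endpoint.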