IBM Support

LI83139: UPGRADING WITH INVALID OAUTH API WITH SECURITY DEFINITION FAILS UPGRADE

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Upgrading with invalid oauth API with security definition fails
upgrade

Example:
  10.0.7.0-5560   10.0.5.5-6227        API Connect cluster
upgrade in progress - see status conditions for details   659d

API Connect operator pod starts failing with this log error

NAMESPACE                                          NAME
                                                     READY   STA

openshift-operators                                ibm-apiconne
ct-648ff4cfc-7dxxw                                   0/1     Cra

] error validating oai doc with extension:
{"status":400,"message":["The OAuth provider contains an OpenAPI
definition with validation errors."],"errors":["The value of
'name' property in the security definition 'clientIdHeader' for
a 'type' property with value 'header' must be either
'X-IBM-Client-Id' or 'X-IBM-Client-Secret' if 'x-key-type' is
not used."]}
bhendi:error [00000000-0000-0000-0000-000000000000] Error in
PATCH patch:/api/orgs/:org/oauth-providers/:oauthprovider
(oauth_provider.js:update)
 - status : 400
 - message: The OAuth provider contains an OpenAPI definition
with validation errors.
 - stack  : Error: The OAuth provider contains an OpenAPI
definition with validation errors.
 - errors : The value of 'name' property in the security
definition 'clientIdHeader' for a 'type' property with value
'header' must be either 'X-IBM-Client-Id' or
'X-IBM-Client-Secret' if 'x-key-type' is not used.:
{"status":400,"message":["The OAuth provider contains an OpenAPI
definition with validation errors."],"errors":["The value of
'name' property in the security definition 'clientIdHeader' for
a 'type' property with value 'header' must be either
'X-IBM-Client-Id' or 'X-IBM-Client-Secret' if 'x-key-type' is
not used."]}
bhendi:error [00000000-0000-0000-0000-000000000000]
invoker::invoke, error for call to patch
/orgs/ogr#/oauth-providers/auth# (operation id:
oauth_provider_update): {"status":400,"message":["The OAuth
provider contains an OpenAPI definition with validation
errors."],"errors":["The value of 'name' property in the
security definition 'clientIdHeader' for a 'type' property with
value 'header' must be either 'X-IBM-Client-Id' or
'X-IBM-Client-Secret' if 'x-key-type' is not used."]}
upgrade:upgrade [00000000-0000-0000-0000-000000000000] Error
while upgrading step : 604: {"status":400,"message":["The OAuth
provider contains an OpenAPI definition with validation
errors."],"errors":["The value of 'name' property in the
security definition 'clientIdHeader' for a 'type' property with
value 'header' must be either 'X-IBM-Client-Id' or
'X-IBM-Client-Secret' if 'x-key-type' is not used."]}
sql [00000000-0000-0000-0000-000000000000] [43469]
rollbackTransaction
sql [00000000-0000-0000-0000-000000000000] [43469]
releaseConnection
Microservice startup failed because of error:  {
 status: 400,
 message: [
   'The OAuth provider contains an OpenAPI definition with
validation errors.'
 ],
 errors: [
   "The value of 'name' property in the security definition
'clientIdHeader' for a 'type' property with value 'header' must
be either 'X-IBM-Client-Id' or 'X-IBM-Client-Secret' if
'x-key-type' is not used."
 ]
}  - stack trace: {"status":400,"message":["The OAuth provider
contains an OpenAPI definition with validation
errors."],"errors":["The value of 'name' property in the
security definition 'clientIdHeader' for a 'type' property with
value 'header' must be either 'X-IBM-Client-Id' or
'X-IBM-Client-Secret' if 'x-key-type' is not used."]}

Local fix

  • 



Problem summary


    

  • When upgrading to API Connect versions 10.0.7.0 or 10.0.5.6,
upgrade fails if invalid OAuth definitions exist.

    



Problem conclusion


    

  • Fixed in API Connect versions 10.0.8.0 and 10.0.5.7.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    LI83139
    • 

  • Reported component name
    API CONNECT ENT
    • 

  • Reported component ID
    5725Z2201
    • 

  • Reported release
    A0X
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2024-02-26
    • 

  • Closed date
    2024-04-30
    • 

  • Last modified date
    2024-04-30
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    API CONNECT ENT
    • 

  • Fixed component ID
    5725Z2201
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMNED","label":"IBM API Connect"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"A0X","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            01 May 2024
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback