- Expose a workload
- Expose and secure a workload
- Security
No access to OAuth2 protected API Rules
Symptom
If you upgraded to Kyma 2.0 and use the evaluation profile, you could lose access to your OAuth2 protected APIRules. You may get 401 Unauthorized
with the client_id unknown
error when fetching a token for your OAuth2 Client resources.
Cause
Kyma 2.0 comes with a bumped Ory Hydra version. The update enforced a restart of Ory Hydra and Ory Hydra Maester Pods. As Ory Hydra in the evaluation profile uses an in-memory database (IMBD), the previously created OAuth2 client resources might be no longer available in the Hydra database.
Remedy
Restart the Ory Hydra Maester Pods to trigger Ory to recreate the OAuth2 client resources. Use the following command:
Click to copy
kubectl rollout restart deployment ory-hydra-maester -n kyma-system