Securing Api With Oauth2.0

The document discusses securing an API with OAuth2.0 using the Mule OAuth provider. It describes implementing an OAuth provider in a Mule application, creating a client, getting an access token, and applying the OAuth policy to secure an API deployed on API Manager.

Uploaded by

Anmol Panwar
Securing API with OAuth 2.0 using Mule OAuth provider

OAuth is an authorization protocol that we use to authorize the client before giving it access
to our resources.

We will be securing our API with OAuth using the Mule OAuth provider.

Ref: https://docs.mulesoft.com/api-manager/2.x/mule-oauth-provider-landing-page

First, we need to implement a Mule OAuth provider in our application and deploy the
application on CloudHub. In my case I am using ngrok to create a tunnel and get a public
IP.

In this application, we should be able to create a client and get a token, which will be used for
authorization.

NOTE: We are using the CLIENT_CREDENTIALS grant type here.

Refer: https://oauth.net/2/grant-types/

Below is the screenshot of the OAuth config:

Create the client: http://{host}:{port}/createclient

After creating the client, we can hit http://{host}:{port}/token to get the token, which will be
exchanged for access to the resources.

We can also validate the token using http://{host}:{port}/validatetoken (or whichever endpoint you
configured).

The Mule OAuth provider implementation is now done; next we want to apply it to our
application.

You can create the application with RAML by specifying the security scheme as OAuth 2.0 and describing
the headers.

Now publish the RAML to Exchange and create the API in API Manager.

The next step is to apply the "OAuth 2.0 access token enforcement using Mule OAuth provider" policy.

When you are applying the policy, enter the validate-token URL of your Mule OAuth provider implementation in the
Access token validation endpoint URL field.

Now provide the implementation of your application in Studio, add the API ID with autodiscovery, and deploy on
CloudHub.

The logs will show that your policy has been applied successfully.

That's how we can apply OAuth 2.0 security.

In my case, for POC purposes, I am creating an HTTP API in API Manager and applying the Mule OAuth provider
policy.

Now I am using the API ID on my local system to check whether the policy has been applied or not.
It seems it has been applied; a screenshot of this is attached below.

NOTE: Please take care with the Skip Client Id Validation option when applying the policy; it may be
case specific.

When we are not passing the right token:

When we are passing the correct token:
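
The token request and the authorized API call from the steps above, as an added example that is not part of the original document or MuleSoft's code. It assumes the provider accepts client credentials via HTTP Basic (the RFC 6749 client_credentials request) and returns the standard JSON token response; the host names, the `/orders` path, the client id, secret and token are constructed values.

```python
import base64
import json
import urllib.parse
import urllib.request


def build_token_request(base_url, client_id, client_secret, allow_plain_http=False):
    """Build the POST to {base_url}/token for the client_credentials grant."""
    if not base_url.startswith("https://") and not allow_plain_http:
        # The client secret travels in this request; plain HTTP would expose it.
        raise ValueError("token endpoint must use https")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/token",
        data=body,
        method="POST",
        headers={
            "Authorization": "Basic " + basic,  # assumption: Basic client auth
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def parse_token_response(raw):
    """Return the access token, rejecting error and non-bearer responses."""
    doc = json.loads(raw)
    if "error" in doc:
        raise ValueError("token endpoint error: " + str(doc["error"]))
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("response carries no bearer access token")
    return doc["access_token"]


def build_api_request(api_url, access_token):
    """Build the call to the protected API with the token as a bearer header."""
    return urllib.request.Request(
        api_url, headers={"Authorization": "Bearer " + access_token}
    )


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network here.
    SAMPLE = '{"access_token": "constructed-token-123", "token_type": "bearer", "expires_in": 86400}'
    token_req = build_token_request("https://provider.example", "demo-client", "demo-secret")
    print(token_req.get_method(), token_req.full_url, token_req.data)
    api_req = build_api_request("https://api.example/orders", parse_token_response(SAMPLE))
    print(api_req.full_url, api_req.get_header("Authorization"))
```

Pass each built request to `urllib.request.urlopen` to send it; for a local POC over a plain `http://` tunnel, `allow_plain_http=True` has to be set explicitly.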
