How to Secure Your MuleSoft APIs with OAuth 2.0 Provider?

Updated: Jul 10

Security is crucial for a project to work well. MuleSoft, as a platform, offers various policies to keep APIs secure. One important policy is the OAuth 2.0 policy. It only works with Mule's OAuth provider app, which checks whether the token in the request is valid. If the token is valid, access to the app is granted.

Mule OAuth 2.0 Provider is a solution developed by MuleSoft. It’s an OAuth provider that can be used in any MuleSoft API Platform organization.



Mule OAuth 2.0 Provider Overview

The Mule OAuth 2.0 Provider is a solution developed by MuleSoft that can be utilized within any MuleSoft API Platform organization.

Steps to Create a Mule OAuth Provider


Step 1: Create a New Mule Project

  • Open Anypoint Studio and create a new project, e.g., mule-oauth-provider.


Step 2: Add Dependencies in pom.xml


<!-- Mule OAuth provider dependency -->
<dependency>
  <groupId>com.mulesoft.modules</groupId>
  <artifactId>mule-oauth2-provider-module</artifactId>
  <version>1.0.12</version>
  <classifier>mule-plugin</classifier>
</dependency>

<!-- Object Store dependency -->
<dependency>
  <groupId>org.mule.connectors</groupId>
  <artifactId>mule-objectstore-connector</artifactId>
  <version>1.2.1</version>
  <classifier>mule-plugin</classifier>
</dependency>


Note: Versions may differ depending on the latest release.


Step 3: Create Required Global Elements

For storing client information:

  1. Click on the Create button, and in the filter search for Object Store.

  2. Click on Object Store and add the values for the client object store (client_os).

For storing token information:

  • Follow the same steps as for client_os to create token_os.

Create a listener configuration.

Create the OAuth provider config:

  1. Go to Global Elements and search for OAuth2 Provider Config.

  2. Select the config and set the following properties:

      • Listener Config: Use the listener configuration created earlier.
      • Client Store: Reference the client object store (client_os).
      • Supported Grant Type: Set to CLIENT_CREDENTIALS.
      • Path: /token
      • Token Store: Reference the token object store (token_os).

Step 4: Create a flow, add a listener to it, and set the listener path to /createClient.

Then add a Create client connector with the following details:

  • name = Create client
  • config-ref = OAuth2_Provider_Config
  • clientId = attributes.headers.client_Id
  • secret = attributes.headers.client_secret
  • clientName = attributes.headers.client_name
  • authorizedGrantTypes = CLIENT_CREDENTIALS
  • failIfPresent = true
  • type = CONFIDENTIAL

Step 5: Create another flow for validating the token. Add a listener as the source from the Mule palette, reference the same listener config as before, and set the path to /validate.

Step 6: Put the Validate token connector in the flow after the listener and reference the OAuth2_Provider_Config created earlier.

Our OAuth provider API is now ready. Deploy it and test it from Postman.

Creating a Postman collection

We need to create a client for the application for which we want to create the token.

Create client: call the /createClient API

To create a client, send the following details in the headers:

  • Client_id: Client ID of the client API
  • Client_secret: Client secret of the client API
  • Client_name: Name of the client

Generate token: call the /token API

Now generate a token for the client created above. Send the following headers:

  • Client_id: Client ID of the client API
  • Client_secret: Client secret of the client API
  • Grant_type: CLIENT_CREDENTIALS

(Note: The credentials are the same as those used when creating the client in the request above.)

Validate token: call the /validate API

To validate the token, add Authorization: Bearer <<token>> to the headers.

(Note: The token value is the one received in the response to the /token request above.)
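A scripted version of the Postman checks above, given as an added example (not code from the original post): it repeats the three requests and adds two negative checks, confirming that an altered token and a wrong client secret are both refused. The function names, the HTTP methods and the base URL parameter are assumptions; the paths and header names are the ones used in this guide.

```python
import json
import urllib.error
import urllib.request


def call(opener, method, url, headers):
    """Send one request and return (status, body); HTTP errors are results, not exceptions."""
    req = urllib.request.Request(url, headers=headers, method=method)
    try:
        with opener(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def ok(status):
    return 200 <= status < 300


def smoke_test(base, client_id, secret, name, opener=urllib.request.urlopen):
    """Return a list of failed checks; an empty list means the provider behaved as expected."""
    # Header names and values follow the page; the HTTP methods are assumptions.
    creds = {"client_id": client_id, "client_secret": secret}
    grant = {"grant_type": "CLIENT_CREDENTIALS"}
    failures = []
    status, _ = call(opener, "POST", base + "/createClient", {**creds, "client_name": name})
    if not ok(status):
        failures.append(f"createClient returned {status}")
    status, body = call(opener, "POST", base + "/token", {**creds, **grant})
    try:
        token = json.loads(body).get("access_token") if ok(status) else None
    except (ValueError, AttributeError):
        token = None
    if not token:
        return failures + [f"/token returned no access_token (status {status})"]
    status, _ = call(opener, "GET", base + "/validate", {"Authorization": f"Bearer {token}"})
    if not ok(status):
        failures.append(f"issued token was rejected ({status})")
    # Negative checks: the provider must refuse anything it did not issue.
    status, _ = call(opener, "GET", base + "/validate", {"Authorization": f"Bearer {token}x"})
    if ok(status):
        failures.append("altered token was accepted")
    wrong = {"client_id": client_id, "client_secret": secret + "x", **grant}
    status, _ = call(opener, "POST", base + "/token", wrong)
    if ok(status):
        failures.append("token issued for a wrong client secret")
    return failures
```

Because Step 4 sets failIfPresent to true, pass a client ID that is not already registered each time you run it.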
