How to Secure Your MuleSoft APIs with OAuth 2.0 Provider?

Security is crucial to a project's success. MuleSoft, as a platform, offers various policies to keep APIs secure. One important policy is the OAuth 2.0 policy. It works only with Mule's OAuth provider application, which checks whether the token in the request is valid. If the token is valid, access to the application is granted.


Mule OAuth 2.0 Provider Overview

The Mule OAuth 2.0 Provider is a solution developed by MuleSoft that can be utilized within any MuleSoft API Platform organization.

Steps to Create a Mule OAuth Provider


Step 1: Create a New Mule Project

  • Open Anypoint Studio and create a new project, e.g., mule-oauth-provider.


Step 2: Add Dependencies in pom.xml


<!-- Mule OAuth provider dependency -->
<dependency>
  <groupId>com.mulesoft.modules</groupId>
  <artifactId>mule-oauth2-provider-module</artifactId>
  <version>1.0.12</version>
  <classifier>mule-plugin</classifier>
</dependency>

<!-- Object Store dependency -->
<dependency>
  <groupId>org.mule.connectors</groupId>
  <artifactId>mule-objectstore-connector</artifactId>
  <version>1.2.1</version>
  <classifier>mule-plugin</classifier>
</dependency>


Note: The versions may differ depending on the latest release.


Step 3: Create the Required Global Elements

For storing client information:

  1. Click the Create button and search for "object store" in the filter.

  2. Click Object Store and add the values for the client store (client_os).

For storing token information:

  • Follow the same steps as for client_os to create token_os.

Listener configuration:

  • Create a listener configuration as specified.

OAuth Provider Configuration

  • Go to Global Elements and search for OAuth2 Provider Config.

  • Select the config and set the properties:

    • Listener Config: Use the listener configuration created earlier.

    • Client Store: Reference the client object store (client_os).

    • Supported Grant Type: Set to CLIENT_CREDENTIALS.

    • Path: /token

    • Token Store: Reference the token object store (token_os).


Step 4: Create a flow, add a listener to it, and set the listener path to /createClient.

Then add the Create client connector with the following details:

  • name = Create client

  • config-ref = OAuth2_Provider_Config

  • clientId = attributes.headers.client_id

  • secret = attributes.headers.client_secret

  • clientName = attributes.headers.client_name

  • authorizedGrantTypes = CLIENT_CREDENTIALS

  • failIfPresent = true

  • type = CONFIDENTIAL




Step 5: Create another flow for validating the token. Add a listener as the source from the Mule palette, reference the same listener config as before, and set the path to /validate.

Step 6: Place the Validate token connector in the flow after the listener and reference the OAuth2_Provider_Config created earlier.

The OAuth Provider API is now ready. Deploy it and test it from Postman.

Creating the Postman Collection

First, create a client for the application that will request tokens.

Create client: call the /createClient API

To create a client, send the following details in the headers:

  • client_id: Client ID of the client API

  • client_secret: Client secret of the client API

  • client_name: Name of the client

Next, generate a token for that client.

Generate token: call the /token API

To generate the token, send the following headers:

  • client_id: Client ID of the client API

  • client_secret: Client secret of the client API

  • grant_type: CLIENT_CREDENTIALS

(Note: The credentials are the same ones used when creating the client in the request above.)

Validate token: call the /validate API

To validate the token, add Authorization: Bearer <<token>> to the headers.

(Note: The token value is the one received in the response to the /token request above.)
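The Postman sequence above as a scriptable smoke test, with two negative checks on /validate (a tampered token and a missing token) added. This is an added example, not code from the original post; the base URL, the HTTP methods, the JSON access_token response field and the sample client values are assumptions.

```python
import json
import urllib.error
import urllib.request

# Assumption: host and port of the listener config are not given on the page.
BASE_URL = "http://localhost:8081"


def ok(status):
    return 200 <= status < 300


def http_send(method, url, headers):
    """Send one request; return (status, body) without raising on 4xx/5xx."""
    req = urllib.request.Request(url, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def smoke_test(client_id, secret, name, send=http_send, base=BASE_URL):
    """Create client -> get token -> validate, plus negative /validate checks."""
    creds = {"client_id": client_id, "client_secret": secret}
    result = {}
    # HTTP methods are assumptions; the page does not restrict the listeners.
    status, _ = send("POST", base + "/createClient", {**creds, "client_name": name})
    result["client_created"] = ok(status)

    status, body = send("POST", base + "/token",
                        {**creds, "grant_type": "CLIENT_CREDENTIALS"})
    try:  # assumption: the token response is JSON with an access_token field
        token = str(json.loads(body)["access_token"]) if ok(status) else ""
    except (ValueError, KeyError, TypeError):
        token = ""
    result["token_issued"] = bool(token)

    status, _ = send("GET", base + "/validate", {"Authorization": "Bearer " + token})
    result["valid_token_accepted"] = bool(token) and ok(status)

    # A provider that answers 2xx to either request below protects nothing.
    status, _ = send("GET", base + "/validate", {"Authorization": "Bearer " + token + "x"})
    result["tampered_token_rejected"] = not ok(status)
    status, _ = send("GET", base + "/validate", {})
    result["missing_token_rejected"] = not ok(status)
    return result


if __name__ == "__main__":
    print(smoke_test("demo-client", "demo-secret", "Demo client"))  # constructed values
```

With failIfPresent set to true, a second run with the same client_id should report client_created as False while the remaining checks still run.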

