Using Mule OAuth Provider

Jun 27, 2024

Lecture Notes: Using Mule OAuth Provider

Introduction

  • Presenter: Eternal Bhavna
  • Topic: Using Mule as an OAuth Provider
  • Supported Providers: Okta, OpenID, AWS Cognito, and Windows Azure.
  • Purpose: To demonstrate usage of Mule as both an OAuth provider and consumer.

Setting Up

  • Create Application: 'Mule OAuth Provider'
  • Steps to Set Up OAuth in Mule:
    1. Go to Exchange and download OAuth provider modules.
    2. Download Object Store for storing tokens and clients.
    3. Create Global Elements for storing clients and tokens.

Configurations

Global Elements

  • Client Object Store
    • Name: client OS
    • Type: Persistent Object Store
  • Token Object Store
    • Name: token OS
    • Type: Persistent
  • OAuth Provider Config
    • Set Listener Config (using HTTP Listener)
    • Provide Client Store
    • Supported Grant Types: Client Credentials
    • Token URL: /token
    • Token TTL: 86,400 seconds (can be reduced as needed)

Flow Implementations

Client Creation

  • HTTP Listener Path: /createClient
  • Create Client Module:
    • Reads: client ID, client secret, and client name from headers.
    • Stores credentials in Client Object Store.
    • Configuration includes settings such as the client type, set to confidential.

Token Generation

  • HTTP Listener Path: /token
  • Grant Type: Client Credentials
    • Client ID, Client Secret from headers.
    • Returns: Token

Token Validation

  • HTTP Listener Path: /validate
  • Validate Token Module: Verifies token from Authorization header.
  • Transform Message Component: JSON payload
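
The three flows above, modelled in memory as an added example (not the Mule module's code and not from the lecture). The header names `client_id`, `client_secret` and `client_name`, the status codes, the response fields and the hashed secret storage are assumptions of this model; the dictionaries stand in for the client and token object stores.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 86_400  # seconds, the Token TTL from the provider config in these notes

def _digest(secret):
    return hashlib.sha256(secret.encode()).digest()

class ProviderModel:
    """Stand-in for the provider: client store, token store and three flows."""
    def __init__(self, ttl=TOKEN_TTL, clock=time.time):
        self.clients = {}   # client_id -> (secret digest, name); role of "client OS"
        self.tokens = {}    # token -> (client_id, expires_at); role of "token OS"
        self.ttl = ttl
        self.clock = clock  # injectable so expiry can be exercised without sleeping

    def create_client(self, headers):
        # /createClient: client ID, secret and name arrive as headers (names assumed)
        cid, sec = headers.get("client_id"), headers.get("client_secret")
        if not cid or not sec:
            return 400, {"error": "missing client_id or client_secret"}
        if cid in self.clients:
            return 409, {"error": "client already exists"}
        self.clients[cid] = (_digest(sec), headers.get("client_name", ""))
        return 201, {"client_id": cid, "type": "CONFIDENTIAL"}

    def token(self, headers, grant_type):
        # /token: only the client credentials grant is enabled
        if grant_type != "client_credentials":
            return 400, {"error": "unsupported_grant_type"}
        stored = self.clients.get(headers.get("client_id", ""))
        supplied = _digest(headers.get("client_secret", ""))
        # Constant-time compare; unknown client and wrong secret are indistinguishable
        if stored is None or not hmac.compare_digest(stored[0], supplied):
            return 401, {"error": "invalid_client"}
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = (headers["client_id"], self.clock() + self.ttl)
        return 200, {"access_token": tok, "token_type": "bearer", "expires_in": self.ttl}

    def validate(self, headers):
        # /validate: the token is taken from the Authorization header
        scheme, _, tok = headers.get("Authorization", "").partition(" ")
        entry = self.tokens.get(tok) if scheme.lower() == "bearer" else None
        if entry is None:
            return 401, {"error": "invalid_token"}
        if self.clock() >= entry[1]:
            del self.tokens[tok]  # expired: remove from the token store
            return 401, {"error": "invalid_token"}
        return 200, {"client_id": entry[0], "expires_in": int(entry[1] - self.clock())}
```

Passing a fake `clock` lets the same token be checked before and after the TTL elapses, which is the valid/invalid pair the testing steps call for.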

Testing

  • Local Deployment: Deploy the application locally and test three endpoints:
    • Create Client
    • Generate Token (with client credentials)
    • Validate Token
  • Policy Application: Applies OAuth policy using API Manager.
    • Policy: Access Token Enforcement using Mule OAuth provider.
    • Validation URL: Configured to point to the validate endpoint.

Cloud Deployment

  • Export Application: Deploy the same Mule OAuth application on CloudHub.
  • Create Client & Token: Same steps as in the local deployment, repeated on CloudHub.
  • Apply Policy on API: Use API Manager to apply policies on cloud-deployed API.
  • Testing: Similar steps for cloud validation of token.

Final Validations

  • Testing URL endpoints again with valid and invalid tokens.
  • Verification that incoming requests are authorized with token-based validation.

Conclusion

  • Functionality Achieved: Utilizing Mule as an effective OAuth provider.
  • Further Queries: Open for comments and questions from viewers.

Additional Notes

  • Token URL TTL: Generally set to 60 minutes.
  • API Manager Setting: Ensures API endpoint permission via token validation.

Summary

  • End-to-end steps for setting up Mule as an OAuth provider, covering configuration, deployment, policy application, and validation.