Oauth2 access_token usage with apikit

Question

I have a simple project that is making token based authentication, via oauth2 mechansm, simple example from tweetbook api from Mule repository, you can generate your token via client_id and secret then can use this on your HTTP endpoint.

I want to implement same usage also on APIKit routers via RAML but all examples are about external-oath-service of Anypoint studio, inside our company we don't use Anypoint's api cloud solutions so we need to handle it locally. From my perspective if this is working, it should be easily implementable also for RAML projects.

Can someone please support ?

Mule project is attached :

 <?xml version="1.0" encoding="UTF-8"?>
 <mule xmlns:cors="http://www.mulesoft.org/schema/mule/cors"
     xmlns:json="http://www.mulesoft.org/schema/mule/json"
     xmlns:http="http://www.mulesoft.org/schema/mule/http"
     xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns:oauth2-provider="http://www.mulesoft.org/schema/mule/oauth2-provider"
     xmlns:spring="http://www.springframework.org/schema/beans"
     xmlns:context="http://www.springframework.org/schema/context"
     xmlns:mule-ss="http://www.mulesoft.org/schema/mule/spring-security"
     xmlns:ss="http://www.springframework.org/schema/security"
     xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
     xsi:schemaLocation="http://www.mulesoft.org/schema/mule/cors http://www.mulesoft.org/schema/mule/cors/current/mule-cors.xsd
 http://www.mulesoft.org/schema/mule/json http://www.mulesoft.org/schema/mule/json/current/mule-json.xsd
 http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
 http://www.mulesoft.org/schema/mule/oauth2-provider http://www.mulesoft.org/schema/mule/oauth2-provider/current/mule-oauth2-provider.xsd
 http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-current.xsd
 http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
 http://www.mulesoft.org/schema/mule/spring-security http://www.mulesoft.org/schema/mule/spring-security/current/mule-spring-security.xsd
 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
 http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
 
 
     <cors:config name="Cors_Configuration" doc:name="Cors Configuration">
         <cors:origins>
             <cors:origin url="*">
                 <cors:methods>
                     <cors:method>POST</cors:method>
                     <cors:method>DELETE</cors:method>
                     <cors:method>PUT</cors:method>
                     <cors:method>GET</cors:method>
                 </cors:methods>
                 <cors:headers>
                     <cors:header>content-type</cors:header>
                 </cors:headers>
             </cors:origin>
         </cors:origins>
     </cors:config>
     
     <spring:beans>     
         <ss:authentication-manager id="resourceOwnerAuthenticationManager">
             <ss:authentication-provider>
                 <ss:user-service id="resourceOwnerUserService">
                     <ss:user name="john" password="doe" authorities="RESOURCE_OWNER" />
                 </ss:user-service>
             </ss:authentication-provider> 
         </ss:authentication-manager>
     </spring:beans>
 
     <mule-ss:security-manager doc:name="Spring Security Provider" name="">
         <mule-ss:delegate-security-provider
             name="resourceOwnerSecurityProvider"
             delegate-ref="resourceOwnerAuthenticationManager" />
     </mule-ss:security-manager>
 
     <oauth2-provider:config
         name="oauth2ProviderRopc"
         providerName="SampleAPI"
         preFlow-ref="myCorsFlow"
         supportedGrantTypes="RESOURCE_OWNER_PASSWORD_CREDENTIALS"
         tokenTtlSeconds = "120"
         port="8299"
         authorizationEndpointPath="sampleapi/api/authorize"
         accessTokenEndpointPath="sampleapi/api/token"
         resourceOwnerSecurityProvider-ref="resourceOwnerSecurityProvider"
         scopes="READ_RESOURCE POST_RESOURCE"
         listenerConfig-ref="HTTP_Listener_Configuration_2" doc:name="OAuth provider module">
             <oauth2-provider:clients>
                 <oauth2-provider:client clientId="myclientid3" secret="myclientsecret"
                                         type="CONFIDENTIAL" clientName="Mule Bookstore" description="Mule-powered On-line Bookstore">
                     <oauth2-provider:redirect-uris>
                         <oauth2-provider:redirect-uri>http://0.0.0.0*</oauth2-provider:redirect-uri>
                     </oauth2-provider:redirect-uris>
                     <oauth2-provider:authorized-grant-types>
                         <oauth2-provider:authorized-grant-type>PASSWORD</oauth2-provider:authorized-grant-type>
                         <oauth2-provider:authorized-grant-type>AUTHORIZATION_CODE</oauth2-provider:authorized-grant-type>
                     </oauth2-provider:authorized-grant-types>
                     <oauth2-provider:scopes>
                         <oauth2-provider:scope>READ_RESOURCE</oauth2-provider:scope>
                         <oauth2-provider:scope>POST_RESOURCE</oauth2-provider:scope>
                     </oauth2-provider:scopes>
                 </oauth2-provider:client>
             </oauth2-provider:clients>
     </oauth2-provider:config>
     <http:listener-config name="HTTP_Listener_Configuration_2" host="0.0.0.0" port="8081" doc:name="HTTP Listener Configuration"/>
     <flow name="myCorsFlow">
       <cors:validate publicResource="true" acceptsCredentials="false" config-ref="Cors_Configuration" doc:name="CORS Validate"/>
       </flow>
 
     <flow name="protected-ropwc" >
         <http:listener config-ref="HTTP_Listener_Configuration_2" path="/oguztest" doc:name="HTTP">
             <http:response-builder>
                 <http:header headerName="Access-Control-Allow-Origin" value="*"/>
             </http:response-builder>
         </http:listener>
         <oauth2-provider:validate config-ref="oauth2ProviderRopc" doc:name="Validate Token" scopes="READ_RESOURCE"/>
         <set-payload value="#[ ['name' : 'payroll', 'uri' : 'http://localhost:8081/resources/payroll'] ]" doc:name="Set Payload"/>
         <json:object-to-json-transformer doc:name="Object to JSON"/>
     </flow>
 </mule>

Answer 1

Oct 26, 2018 at 02:15 PM, anirban37 answered with:

I don't see any issues in implementation this application as an oauth provider in on premises.
You can protect all your other applications which are RAML based or even non RAML based with this oauth provider.
You need to have your private anypoint platform in on premises with which you can deploy all your applications as well as implement oauth2 policies to protect all you applications

Add comment

10 |1200 characters needed characters left characters exceeded

Oauth2 access_token usage with apikit

1 Reply

Your answer

Like this question?

Who's following the question

Related Questions