About OAuth Policy Prerequisites

Prerequisites for using an OAuth 2.0 policy are:

Applying the policy to the API
Having an OAuth 2.0 provider
A securityScheme if the API is RAML-based

Within the RAML securitySchemes definition, you include URIs for the authorization and access token for a Mule OAuth 2.0 provider as shown in the following example:

settings:
   authorizationUri: https://oauth2provider.cloudhub.io/authorize
   accessTokenUri:  https://oauth2provider.cloudhub.io/access_token
   authorizationGrants: [authorization_code, password, client_credentials, implicit]

Also, add the securedBy node after the method name of the resource and method you want to secure, as shown in the following example:

/users:
  get:
    securedBy: [oauth_2_0]

The following table maps the RAML grant types to the grant type names in the OAuth 2.0 policy configuration.

Authorization Grant Types Defined in RAML Definition Equivalent Authorization Grant Type to Enable in the OAuth Provider Policy Supported in embedded APIkit Console?

Authorization Grant Types Defined in RAML Definition	Equivalent Authorization Grant Type to Enable in the OAuth Provider Policy	Supported in embedded APIkit Console?
`[implicit]`	Implicit	Yes
`[client_credentials]`	Client Credentials	No
`[password]`	Resource Owner Password Credentials	No
`[authorization_code]`	Authorization Code	Yes

[implicit]

Implicit

Yes

[client_credentials]

Client Credentials

[password]

Resource Owner Password Credentials

[authorization_code]

Authorization Code

Yes

After meeting these prerequisites, you are ready to build the provider.

About OAuth Policy Prerequisites

See Also