About OAuth Policy Prerequisites

Prerequisites for using an OAuth 2.0 policy are:

  • Applying the policy to the API

  • Having an OAuth 2.0 provider

  • A securityScheme if the API is RAML-based

Within the RAML securitySchemes definition, you include the authorization URI and the access token URI of a Mule OAuth 2.0 provider, as shown in the following example:

    authorizationUri: https://oauth2provider.cloudhub.io/authorize
    accessTokenUri: https://oauth2provider.cloudhub.io/access_token
    authorizationGrants: [authorization_code, password, client_credentials, implicit]

Also, add the securedBy node directly after the method name of each resource method you want to secure, as shown in the following example:

    securedBy: [oauth_2_0]
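
The two fragments above placed in a complete RAML 1.0 file, so that the position of the settings and of each securedBy node is visible. This is an added example, not part of the original documentation; the API title, the /orders resource, and the descriptions are assumptions, while the provider URIs and grant list are the ones shown on this page.

```yaml
#%RAML 1.0
# Added example; the title, resource names and descriptions are assumed.
title: Orders API
version: v1

securitySchemes:
  oauth_2_0:                      # name referenced by securedBy below
    description: Requests must carry an OAuth 2.0 access token.
    type: OAuth 2.0
    describedBy:
      headers:
        Authorization:
          description: Bearer access token issued by the provider.
          type: string
      responses:
        401:
          description: Missing, expired or invalid access token.
        403:
          description: Token is valid but does not grant access to this resource.
    settings:
      # URIs of the Mule OAuth 2.0 provider, as shown on this page
      authorizationUri: https://oauth2provider.cloudhub.io/authorize
      accessTokenUri: https://oauth2provider.cloudhub.io/access_token
      authorizationGrants: [authorization_code, password, client_credentials, implicit]

/orders:
  get:
    securedBy: [oauth_2_0]        # placed directly under the method name
    responses:
      200:
        description: List of orders.
  post:
    securedBy: [oauth_2_0]        # each method to be secured gets its own node
    responses:
      201:
        description: Order created.
```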

The following table maps the RAML grant types to the grant type names in the OAuth 2.0 policy configuration.

Authorization Grant Types Defined in RAML Definition | Equivalent Authorization Grant Type to Enable in the OAuth Provider Policy | Supported in embedded APIkit Console?

Client Credentials

Resource Owner Password Credentials

Authorization Code

After meeting these prerequisites, you are ready to build the provider.
