
OAuth 2 Policies concepts

To secure an API in Anypoint Platform using OAuth 2.0, you can use the following policies and the matching OAuth 2.0 provider:

  • One of the following policies, which are available in federated organizations and are configured with specific OAuth 2.0 providers:

    • OpenAM OAuth Token Enforcement policy

    • PingFederate OAuth Token Enforcement policy

    • OpenID Connect Access Token Enforcement Policy

  • Available in all organizations:

None of these token enforcement policies allow access to the OAuth 2.0 protected resources if credentials from non-Mule client applications are used.

An OAuth 2.0 Authorization Enforcement policy, which you can apply to an API in Anypoint Platform, connects to an OpenAM authorization server, an OpenID Connect Token Introspection endpoint, a PingFederate authorization server, or a Mule OAuth 2.0 provider.

Important: The Mule OAuth 2.0 Access Token Enforcement policy is designed to work exclusively with a Mule OAuth 2.0 provider. Using the policy with any other OAuth 2.0 provider (for example, Facebook, Google, or Azure) is not supported.


To apply OAuth 2.0 policies, you must:

  • Have an Anypoint Platform organization administrator role or have permission to create or manage APIs in your environment.

  • Configure your Anypoint Platform organization as a federated organization using OpenAM, OpenID Connect, or PingFederate.

    Alternatively, have a Mule OAuth 2.0 Provider configured and running.
