Nav

About Configuring an API for OAuth 2.0 Protection

The following policies are available for authorization:

  • PingFederate OAuth Token Enforcement policy

  • OpenAM OAuth Token Enforcement Policy

  • OAuth 2.0 Access Token Enforcement Using External Provider policy

Using the PingFederate or OpenAM policy is recommended.

Prerequisites for using one of these policies are:

Requirements for RAML APIs

If the API protected by one of the Anypoint Platform authorization policies is defined using RAML (recommended), define RAML securitySchemes for OAuth 2.0. Within the RAML securitySchemes definition, you include URIs for the authorization and access token. The following example shows URIs for a Mule OAuth 2.0 provider:

You specify grant types in RAML securitySchemes. The following example RAML syntax shows the authorizationGrants setting:

settings:
   authorizationUri: https://oauth2provider.cloudhub.io/authorize
   accessTokenUri:  https://oauth2provider.cloudhub.io/access_token
   authorizationGrants: [authorization_code, password, client_credentials, implicit]

Also, add the securedBy node after the method name of the resource and method you want to secure, as shown in the following snippet:

/users:
  get:
    securedBy: [oauth_2_0]

The following table shows the mapping of the RAML grant types to the grant type names in the OAuth 2.0 Access Token Enforcement Using External Provider policy configuration. 

Authorization Grant Types Defined in RAML Definition Equivalent Authorization Grant Type to Enable in the OAuth Provider Policy Supported in embedded APIkit Console?

[implicit]

Implicit

Yes

[client_credentials]

Client Credentials

No

[password]

Resource Owner Password Credentials

No

[authorization_code]

Authorization Code

Yes