Nav

About OAuth Policy Prerequisites

Prerequisites for using an OAuth 2.0 policy are:

  • Applying the policy to the API

  • Having an OAuth 2.0 provider

  • A securityScheme if the API is RAML-based

Within the RAML securitySchemes definition, you include URIs for the authorization and access token for a Mule OAuth 2.0 provider as shown in the following example:

settings:
   authorizationUri: https://oauth2provider.cloudhub.io/authorize
   accessTokenUri:  https://oauth2provider.cloudhub.io/access_token
   authorizationGrants: [authorization_code, password, client_credentials, implicit]

Also, add the securedBy node after the method name of the resource and method you want to secure, as shown in the following example:

/users:
  get:
    securedBy: [oauth_2_0]

The following table maps the RAML grant types to the grant type names in the OAuth 2.0 policy configuration. 

Authorization Grant Types Defined in RAML Definition Equivalent Authorization Grant Type to Enable in the OAuth Provider Policy Supported in embedded APIkit Console?

[implicit]

Implicit

Yes

[client_credentials]

Client Credentials

No

[password]

Resource Owner Password Credentials

No

[authorization_code]

Authorization Code

Yes

After meeting these prerequisites, you are ready to build the provider.

In this topic: