Configuring OAuth 2.0 for Connectors on CloudHub
You can deploy your OAuth 2.0 enabled connectors to a cloud service.
Configuring OAuth 2.0 for a connector on CloudHub is the same as configuring OAuth 2.0 for a connector locally, except with CloudHub, the Mule implementation is behind an extra server. Consider the following when configuring OAuth 2.0 for a connector on CloudHub:
-
Connector Listener
-
CloudHub manages some properties for you automatically, such as
${http.port}
and${https.port}
. Use these properties when configuring your HTTP Listener. -
When deployed on the cloud, the
localhost
,0.0.0.0
, and127.0.0.1
hosts are no longer publicly reachable. When configuring your OAuth provider, you must replace all links containing these hosts with the actual CloudHub-provided public addresses. For CloudHub, this address is in the format{ch-app-name}.{region}.cloudhub.io
. For example, an HTTP app namedch-example-app
deployed in the Europe (London) region has public address ofhttp://ch-example-app.uk-e1.cloudhub.io
.
-
-
OAuth Provider Setup
-
If you set Callback Path to
/callback
, your public callback URL is{ch-app-name}.{region}.cloudhub.io/callback
. This is the callback URL to use as your redirect URI when you configure your OAuth provider.This must also be configured in your connector as the External Callback Url. You can use the
${fullDomain}
property that CloudHub configures for you to automatically obtain the proper host name.If you are deploying to multiple regions or have some other gateway configured, use the hostname of the load balancer or the gateway in your OAuth provider callback URL and in External Callback Url. In OAuth 2.0 configuration, the user (not the OAuth provider) reaches the callback endpoint from their browser. Ensure that your region configuration is correct. If you create your CloudHub app in the US region and your users connect to the app from Europe, the request is blocked by the gateway.
-
Performing the OAuth Dance
After you complete the OAuth 2.0 configuration, you can deploy your app to CloudHub and initialize the OAuth dance by navigating to your public hostname on your authorization endpoint. For example, with the previous configuration, you can navigate to {ch-app-name}.{region}.cloudhub.io/authorize
. This starts the OAuth dance and prompts you to log in with your OAuth provider.