Contact Us 1-800-596-4880

Configuring OAuth 2.0 for Connectors on CloudHub

You can deploy your OAuth 2.0 enabled connectors to a cloud service.

Configuring OAuth 2.0 for a connector on CloudHub is the same as configuring OAuth 2.0 for a connector locally, except with CloudHub, the Mule implementation is behind an extra server. Consider the following when configuring OAuth 2.0 for a connector on CloudHub:

  • Connector Listener

    • CloudHub manages some properties for you automatically, such as ${http.port} and ${https.port}. Use these properties when configuring your HTTP Listener.

      Http Listener configuration window for CloudHub example
    • When deployed on the cloud, the localhost, 0.0.0.0, and 127.0.0.1 hosts are no longer publicly reachable. When configuring your OAuth provider, you must replace all links containing these hosts with the actual CloudHub-provided public addresses. For CloudHub, this address is in the format {ch-app-name}.{region}.cloudhub.io. For example, an HTTP app named ch-example-app deployed in the Europe (London) region has public address of http://ch-example-app.uk-e1.cloudhub.io.

  • OAuth Provider Setup

    • If you set Callback Path to /callback, your public callback URL is {ch-app-name}.{region}.cloudhub.io/callback. This is the callback URL to use as your redirect URI when you configure your OAuth provider.

      OKTA Example

      This must also be configured in your connector as the External Callback Url. You can use the ${fullDomain} property that CloudHub configures for you to automatically obtain the proper host name.

      External Callback Url field configuration window
      If you are deploying to multiple regions or have some other gateway configured, use the hostname of the load balancer or the gateway in your OAuth provider callback URL and in External Callback Url.

      In OAuth 2.0 configuration, the user (not the OAuth provider) reaches the callback endpoint from their browser. Ensure that your region configuration is correct. If you create your CloudHub app in the US region and your users connect to the app from Europe, the request is blocked by the gateway.

Performing the OAuth Dance

After you complete the OAuth 2.0 configuration, you can deploy your app to CloudHub and initialize the OAuth dance by navigating to your public hostname on your authorization endpoint. For example, with the previous configuration, you can navigate to {ch-app-name}.{region}.cloudhub.io/authorize. This starts the OAuth dance and prompts you to log in with your OAuth provider.