OAuth Module Reference - Mule 4
OAuth Module v1.1
OAuth Module is an extension to hook OAuth2 to HTTP extension connectors.
Operations
Invalidate Oauth Context
<oauth:invalidate-oauth-context>
Clears the OAuth context for a token manager and a resource owner ID.
Retrieve Access Token
<oauth:retrieve-access-token>
Returns the access token of the token manager for the parametrized resource owner ID.
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Token Manager | | The token manager that holds the access token. | | x |
Resource Owner Id | String | The resource owner ID to invalidate. This attribute is allowed only for authorization code grant type. | default | |
Output Mime Type | String | The MIME type of the payload that this operation outputs. | | |
Target Variable | String | Name of the variable that stores the operation’s output. | | |
Target Value | String | Expression that evaluates the operation’s output. The expression outcome is stored in the Target Variable. | | |
Retrieve Custom Token Response Param
<oauth:retrieve-custom-token-response-param>
Returns the value of the parameter that is extracted during the OAuth dance from the token manager for the parametrized resource owner ID.
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Token Manager | | The token manager that holds the access token. | | x |
Resource Owner Id | String | The resource owner ID to invalidate. This attribute is allowed for authorization code grant type. | default | |
Key | String | A key to look up in the elements that are extracted after the OAuth dance. | | x |
Output Mime Type | String | The MIME type of the payload that this operation outputs. | | |
Target Variable | String | Name of the variable that stores the operation’s output. | | |
Target Value | String | Expression that evaluates the operation’s output. The expression outcome is stored in the Target Variable. | | |
Retrieve Expires In
<oauth:retrieve-expires-in>
Returns the expiration of the OAuth context for the parametrized resource owner ID.
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Token Manager | | The token manager that holds the access token. | | x |
Resource Owner Id | String | The resource owner ID to invalidate. This attribute is allowed for authorization code grant type. | default | |
Output Mime Type | String | The MIME type of the payload that this operation outputs. | | |
Target Variable | String | Name of the variable that stores the operation’s output. | | |
Target Value | String | Expression that evaluates the operation’s output. The expression outcome is stored in the Target Variable. | | |
Retrieve Refresh Token
<oauth:retrieve-refresh-token>
Returns the refresh token of the OAuth context for the parametrized resource owner ID.
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Token Manager | | The token manager that holds the refresh token. | | x |
Resource Owner Id | String | The resource owner ID to invalidate. This attribute is allowed for authorization code grant type. | default | |
Output Mime Type | String | The MIME type of the payload that this operation outputs. | | |
Target Variable | String | Name of the variable that stores the operation’s output. | | |
Target Value | String | Expression that evaluates the operation’s output. The expression outcome is stored in the Target Variable. | | |
Retrieve State
<oauth:retrieve-state>
Returns the state of the OAuth context for the parametrized resource owner ID.
Parameters
Name | Type | Description | Default Value | Required |
---|---|---|---|---|
Token Manager | | The token manager that holds the access token. | | x |
Resource Owner Id | String | The resource owner ID to invalidate. This attribute is allowed for authorization code grant type. | default | |
Output Mime Type | String | The MIME type of the payload that this operation outputs. | | |
Target Variable | String | Name of the variable that stores the operation’s output. | | |
Target Value | String | Expression that evaluates the operation’s output. The expression outcome is stored in the Target Variable. | | |
Types
Token Manager Config
Field | Type | Description | Default Value | Required |
---|---|---|---|---|
Object Store | Object Store | An object store to store the OAuth context data. | | |
Authorization Code Grant Type
Field | Type | Description | Default Value | Required |
---|---|---|---|---|
Local Callback Config | String | Listener configuration to use instead of | | |
Local Callback Config Path | String | Local path for the listener created according to | | |
Local Callback Url | String | URL that enables Mule runtime engine (Mule) to automatically create an endpoint in the configured URL that stores the authentication code unless there is an endpoint already registered to manually extract the authorization code. | | |
External Callback Url | String | The OAuth authentication server uses the URL to provide the authentication code to the Mule server in order to retrieve the access token. Note that the URL must be the externally visible address of the callback, not the local address. | | x |
State | String | State parameter for holding state between the authentication request and the callback done by the OAuth authorization server to the | | |
Local Authorization Url Resource Owner Id | String | Identifier to store the OAuth authentication attributes (accessToken, refreshToken, etc). This attribute is required only when applications access resources from more than one user in the OAuth authentication server. | | |
Local Authorization Url | String | URL that enables Mule to automatically create an endpoint in the host server for the user to authenticate and grant access to the application for their account. | | x |
Authorization Url | String | The OAuth authentication server URL to authorize the app for a certain user. | | x |
Custom Parameters | Object | Custom parameters to send to the authorization request URL or the OAuth authorization server. | | |
Resource Owner Id | String | Identifier to store the OAuth authentication attributes (accessToken, refreshToken, etc). This attribute is required only when applications access resources from more than one user in the OAuth authentication server. | default | |
Encode Client Credentials In Body | Boolean | If | true | |
Client Id | String | Application identifier defined in the OAuth authentication server. | | x |
Client Secret | String | Application secret defined in the OAuth authentication server. | | x |
Scopes | String | Scope required by the application to execute. Scopes define permissions over resources. | | |
Token Manager | | The token manager configuration to use for the grant type. | | |
Token Url | String | The OAuth authentication server URL to get access to the token. Mule calls this URL to get the access token, after receiving the authentication code from the OAuth server through the | | x |
Response Access Token | String | Expression to extract the access token parameter from the response of the call to | | |
Response Refresh Token | String | Response refresh token. | | |
Response Expires In | String | Expression to extract the expires in parameter from the response of the call to | | |
Custom Parameter Extractors | Array of Parameter Extractor | | | |
Refresh Token When | Boolean | Enables expressions to evaluate against the HTTP response of the API callback to determine if the request failed because it was done using an expired token. If the evaluation returns | | |
Tls Context | | A TLS configuration to receive incoming HTTP requests and do HTTP requests during the OAuth dance. | | |
Parameter Extractor
Field | Type | Description | Default Value | Required |
---|---|---|---|---|
Param Name | String | Parameter extractor name. | | x |
Value | String | Value for this type. | | x |
TLS
Configures TLS to provide secure communications for the Mule app.
Field | Type | Description | Default Value | Required |
---|---|---|---|---|
Enabled Protocols | String | Comma-separated list of protocols enabled for this context. | | |
Enabled Cipher Suites | String | Comma-separated list of cipher suites enabled for this context. | | |
Trust Store | | Configures the TLS truststore. | | |
Key Store | | Configures the TLS keystore. | | |
Revocation Check | | Revocation check configuration. | | |
Truststore
Configures the truststore for TLS.
Field | Type | Description | Default Value | Required |
---|---|---|---|---|
Path | String | Path to the truststore. Mule resolves the path relative to the current classpath and file system. | | |
Password | String | Password used to protect the truststore. | | |
Type | String | Type of store. | | |
Algorithm | String | Encryption algorithm that the truststore uses. | | |
Insecure | Boolean | If | | |
Keystore
Configures the keystore for the TLS protocol. The keystore you generate contains a private key and a public certificate.
Field | Type | Description | Default Value | Required |
---|---|---|---|---|
Path | String | Path to the keystore. Mule resolves the path relative to the current classpath and file system. | | |
Type | String | Type of store. | | |
Alias | String | Alias of the key to use when the keystore contains multiple private keys. By default, Mule uses the first key in the file. | | |
Key Password | String | Password used to protect the private key. | | |
Password | String | Password used to protect the keystore. | | |
Algorithm | String | Encryption algorithm that the keystore uses. | | |
Standard Revocation Check
Configures standard revocation checks for TLS certificates.
Field | Type | Description | Default Value | Required |
---|---|---|---|---|
Only End Entities | Boolean | Which elements to verify in the certificate chain: | | |
Prefer Crls | Boolean | How to check certificate validity: Checks the Online Certificate Status Protocol (OCSP) for certificate validity. | | |
No Fallback | Boolean | Whether to use the secondary method to check certificate validity: Uses the method not specified in the Prefer Crls field to check the certificate validity. Does not use the method specified in the Prefer Crls field to check certificate validity. | | |
Soft Fail | Boolean | What to do if the revocation server can’t be reached or is busy: Avoids verification failure. Enables the verification to fail. | | |
Custom OCSP Responder
Configures a custom OCSP responder for certification revocation checks.
Field | Type | Description | Default Value | Required |
---|---|---|---|---|
Url | String | URL of the OCSP responder. | | |
Cert Alias | String | Alias of the signing certificate for the OCSP response. If specified, the alias must be configured in the truststore. | | |
CRL File
Specifies the location of the certification revocation list (CRL) file.
Field | Type | Description | Default Value | Required |
---|---|---|---|---|
Path | String | Path to the CRL file. | | |
Client Credentials Grant Type
Field | Type | Description | Default Value | Required |
---|---|---|---|---|
Encode Client Credentials In Body | Boolean | If true, the client ID and client secret are sent in the request body. Otherwise, the client ID and client secret are sent as basic authentication. | false | |
Client Id | String | Application identifier defined in the OAuth authentication server. | | x |
Client Secret | String | Application secret defined in the OAuth authentication server. | | x |
Scopes | String | Scope required by the application to execute. Scopes define permissions over resources. | | |
Token Manager | | The token manager configuration to use for the grant type. | | |
Token Url | String | The OAuth authentication server URL to get access to the token. Mule calls this URL to get the access token, after receiving the authentication code from the OAuth server through the | | x |
Response Access Token | String | Expression to extract the access token parameter from the response of the call to | | |
Response Refresh Token | String | Response refresh token. | | |
Response Expires In | String | Expression to extract the expires in parameter from the response of the call to | | |
Custom Parameter Extractors | Array of Parameter Extractor | Custom parameter extractors configuration. | | |
Refresh Token When | Boolean | Enables expressions to evaluate against the HTTP response of the API callback to determine if the request failed because it was done using an expired token. If the evaluation returns | | |
TLS Context | | A TLS configuration to receive incoming HTTP requests and do HTTP requests during the OAuth dance. | | |
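
Added example (not part of the MuleSoft reference): a small Python audit that scans a Mule XML configuration for risky values of the grant type and TLS fields documented above, namely a truststore with Insecure enabled, a revocation check with Soft Fail enabled, literal secrets, and OAuth endpoints that do not use HTTPS. The XML element and attribute names (trust-store, standard-revocation-check, insecure, softFail, clientSecret, tokenUrl and so on) are assumed to be the hyphenated and camelCase forms of the field names on this page, and the sample configuration is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample Mule XML (not from the reference page). Element and attribute
# names are ASSUMED to be the XML forms of the fields documented above.
SAMPLE = """<mule xmlns:oauth="http://www.mulesoft.org/schema/mule/oauth"
      xmlns:tls="http://www.mulesoft.org/schema/mule/tls">
  <oauth:client-credentials-grant-type clientId="${oauth.id}" clientSecret="s3cr3t-literal"
      tokenUrl="http://idp.example.com/token" tokenManager="tm">
    <tls:context>
      <tls:trust-store path="trust.jks" password="${ts.pw}" insecure="true"/>
      <tls:revocation-check>
        <tls:standard-revocation-check softFail="true"/>
      </tls:revocation-check>
    </tls:context>
  </oauth:client-credentials-grant-type>
</mule>"""

# A value is treated as externalised if it is a ${property} or a #[expression].
PLACEHOLDER = re.compile(r"^\s*(\$\{[^}]+\}|#\[.*\])\s*$")
URL_ATTRS = ("tokenUrl", "authorizationUrl", "externalCallbackUrl")
SECRET_ATTRS = ("clientSecret", "password", "keyPassword")


def audit(xml_text):
    """Return sorted (element, attribute, issue) findings for one Mule config."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop the namespace URI, keep the local name
        attrs = el.attrib
        if name == "trust-store" and attrs.get("insecure", "").lower() == "true":
            findings.append((name, "insecure", "certificate validation disabled"))
        if name == "standard-revocation-check" and attrs.get("softFail", "").lower() == "true":
            findings.append((name, "softFail", "unreachable revocation server is ignored"))
        for attr in SECRET_ATTRS:
            if attr in attrs and not PLACEHOLDER.match(attrs[attr]):
                findings.append((name, attr, "literal secret in configuration"))
        for attr in URL_ATTRS:
            if attrs.get(attr, "").lower().startswith("http://"):
                findings.append((name, attr, "endpoint not using HTTPS"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%-30s %-14s %s" % finding)
```

Run it against each application's configuration files in CI and fail the build on any finding; values supplied through property placeholders are not flagged as literal secrets.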