Contact Us 1-800-596-4880

OAuth Module Reference - Mule 4

OAuth Module v1.1

OAuth Module is an extension to hook OAuth2 to HTTP extension connectors.

Configurations


Config

Default configuration

Parameters

Name Type Description Default Value Required

Name

String

Name for this configuration. Connectors reference the configuration with this name.

x

Operations

Invalidate Oauth Context

<oauth:invalidate-oauth-context>

Clears the OAuth context for a token manager and a resource owner ID.

Parameters

Name Type Description Default Value Required

Token Manager

The token manager that holds the credentials to invalidate..

x

Resource Owner Id

String

The resource owner ID to invalidate. This attribute is allowed only for authorization code grant type.

default

Retrieve Access Token

<oauth:retrieve-access-token>

Returns the access token of the token manager for the parametrized resource owner ID.

Parameters

Name Type Description Default Value Required

Token Manager

The token manager that holds the access token.

x

Resource Owner Id

String

The resource owner ID to invalidate. This attribute is allowed only for authorization code grant type.

default

Output Mime Type

String

The MIME type of the payload that this operation outputs.

Target Variable

String

Name of the variable that stores the operation’s output.

Target Value

String

Expression that evaluates the operation’s output. The expression outcome is stored in the Target Variable.

#[payload]

Output

Type

String

Retrieve Custom Token Response Param

<oauth:retrieve-custom-token-response-param>

Returns the value of the parameter that is extracted during the OAuth dance from the token manager for the parametrized resource owner ID.

Parameters

Name Type Description Default Value Required

Token Manager

The token manager that holds the access token.

x

Resource Owner Id

String

The resource owner ID to invalidate. This attribute is allowed for authorization code grant type.

default

Key

String

A key to look in the elements that are extracted after the OAuth dance.

x

Output Mime Type

String

The MIME type of the payload that this operation outputs.

Target Variable

String

Name of the variable that stores the operation’s output.

Target Value

String

Expression that evaluates the operation’s output. The expression outcome is stored in the Target Variable.

#[payload]

Output

Type

String

Retrieve Expires In

<oauth:retrieve-expires-in>

Returns the expiration of the OAuth context for the parametrized resource owner ID.

Parameters

Name Type Description Default Value Required

Token Manager

The token manager that holds the access token.

x

Resource Owner Id

String

The resource owner ID to invalidate. This attribute is allowed for authorization code grant type.

default

Output Mime Type

String

The MIME type of the payload that this operation outputs.

Target Variable

String

Name of the variable that stores the operation’s output.

Target Value

String

Expression that evaluates the operation’s output. The expression outcome is stored in the Target Variable.

#[payload]

Output

Type

String

Retrieve Refresh Token

<oauth:retrieve-refresh-token>

Returns the refresh token of the OAuth context for the parametrized resource owner ID.

Parameters

Name Type Description Default Value Required

Token Manager

The token manager that holds the refresh token.

x

Resource Owner Id

String

The resource owner ID to invalidate. This attribute is allowed for authorization code grant type.

default

Output Mime Type

String

The mime type of the payload that this operation outputs.

Target Variable

String

Name of the variable that stores the operation’s output.

Target Value

String

Expression that evaluates the operation’s output. The expression outcome is stored in the Target Variable.

#[payload]

Output

Type

String

Retrieve State

<oauth:retrieve-state>

Returns the state of the OAuth context for the parametrized resource owner ID.

Parameters

Name Type Description Default Value Required

Token Manager

The token manager that holds the access token.

x

Resource Owner Id

String

The resource owner ID to invalidate. This attribute is allowed for authorization code grant type.

default

Output Mime Type

String

The MIME type of the payload that this operation outputs.

Target Variable

String

Name of the variable that stores the operation’s output.

Target Value

String

Expression that evaluates the operation’s output. The expression outcome is stored in the Target Variable.

#[payload]

Output

Type

String

Types

Token Manager Config

Field Type Description Default Value Required

Object Store

Object Store

An object store to store the OAuth context data.

Authorization Code Grant Type

Field Type Description Default Value Required

Local Callback Config

String

Listener configuration to use instead of localCallbackUrl. Note that if using this configuration you must also provide a localCallbackConfigPath separately.

Local Callback Config Path

String

Local path for the listener created according to localCallbackConfig, not required if you use localCallbackUrl.

Local Callback Url

String

URL that enables Mule runtime engine (Mule) to automatically create an endpoint in the configured URL that stores the authentication code unless there is an endpoint already registered to manually extract the authorization code.

External Callback Url

String

The OAuth authentication server uses the URL to provide the authentication code to the Mule server in order to retrieve the access token. Note that the URL must be the externally visible address of the callback, not the local address.

x

State

String

State parameter for holding state between the authentication request and the callback done by the OAuth authorization server to the redirectUrl.

Local Authorization Url Resource Owner Id

String

Identifier to store the OAuth authentication attributes (accessToken, refreshToken, etc). This attribute is required only when applications access resources from more than one user in the OAuth authentication server.

Local Authorization Url

String

URL that enables Mule to automatically create an endpoint in the host server for the user to authenticate and grant access to the application for their account.

x

Authorization Url

String

The OAuth authentication server URL to authorize the app for a certain user.

x

Custom Parameters

Object

Custom parameters to send to the authorization request URL or the OAuth authorization sever.

Resource Owner Id

String

Identifier to store the OAuth authentication attributes (accessToken, refreshToken, etc). This attribute is required only when applications access resources from more than one user in the OAuth authentication server.

default

Encode Client Credentials In Body

Boolean

If true, the client ID and client secret are sent in the request body. Otherwise, the client ID and client secret are sent as basic authentication.

true

Client Id

String

Application identifier defined in the OAuth authentication server.

x

Client Secret

String

Application secret defined in the OAuth authentication server.

x

Scopes

String

Scope required by the application to execute. Scopes define permissions over resources.

Token Manager

The token manager configuration to use for the grant type.

Token Url

String

The OAuth authentication server URL to get access to the token. Mule calls this URL to get the access token, after receiving the authentication code from the OAuth server through the redirectUrl.

x

Response Access Token

String

Expression to extract the access token parameter from the response of the call to tokenUrl.

#[payload.access_token]

Response Refresh Token

String

Response refresh token.

#[payload.refresh_token]

Response Expires In

String

Expression to extract the expires in parameter from the response of the call to tokenUrl.

#[payload.expires_in]

Custom Parameter Extractors

Refresh Token When

Boolean

Enables expressions to evaluate against the HTTP response of the API callback to determine if the request failed because it was done using an expired token. If the evaluation returns true (access token expired), Mule automatically triggers a refresh token flow and retries the API callback using a new access token. Default value evaluates if the response status code is 401 or 403.

#[attributes.statusCode == 401 or attributes.statusCode == 403]

Tls Context

TLS

A TLS configuration to receive incoming HTTP requests and do HTTP requests during the OAuth dance.

Parameter Extractor

Field Type Description Default Value Required

Param Name

String

Parameter extractor name.

x

Value

String

Value for this type.

x

TLS

Configures TLS to provide secure communications for the Mule app.

Field Type Description Default Value Required

Enabled Protocols

String

Comma-separated list of protocols enabled for this context.

Enabled Cipher Suites

String

Comma-separated list of cipher suites enabled for this context.

Trust Store

Configures the TLS truststore.

Key Store

Configures the TLS keystore.

Revocation Check

Revocation check configuration.

Truststore

Configures the truststore for TLS.

Field Type Description Default Value Required

Path

String

Path to the truststore. Mule resolves the path relative to the current classpath and file system.

Password

String

Password used to protect the truststore.

Type

String

Type of store.

Algorithm

String

Encryption algorithm that the truststore uses.

Insecure

Boolean

If true, Mule stops performing certificate validations. Setting this attribute to true make connections vulnerable to attacks.

Keystore

Configures the keystore for the TLS protocol. The keystore you generate contains a private key and a public certificate.

Field Type Description Default Value Required

Path

String

Path to the keystore. Mule resolves the path relative to the current classpath and file system.

Type

String

Type of store.

Alias

String

Alias of the key to use when the keystore contains multiple private keys. By default, Mule uses the first key in the file.

Key Password

String

Password used to protect the private key.

Password

String

Password used to protect the keystore.

Algorithm

String

Encryption algorithm that the keystore uses.

Standard Revocation Check

Configures standard revocation checks for TLS certificates.

Field Type Description Default Value Required

Only End Entities

Boolean

Which elements to verify in the certificate chain:

  • true
    Verifies only the last element in the certificate chain.

  • false
    Verifies all the elements in the certificate chain.

Prefer Crls

Boolean

How to check certificate validity:

  • true+ Checks the Certification Revocation List (CRL) for certificate validity.

  • false+

Checks the Online Certificate Status Protocol (OCSP) for certificate validity.

No Fallback

Boolean

Whether to use the secondary method to check certificate validity:

  • true

Uses the method not specified in the Prefer Crls field to check the certificate validity.

  • false

Does not use the method specified in the Prefer Crls field to check certificate validity.

Soft Fail

Boolean

What to do if the revocation server can’t be reached or is busy:

  • true

Avoids verification failure.

  • false

Enables the verification to fail.

Custom OCSP Responder

Configures a custom OCSP responder for certification revocation checks.

Field Type Description Default Value Required

Url

String

URL of the OCSP responder.

Cert Alias

String

Alias of the signing certificate for the OCSP response. If specified, the alias must be configured in the truststore.

CRL File

Specifies the location of the certification revocation list (CRL) file.

Field Type Description Default Value Required

Path

String

Path to the CRL file.

Client Credentials Grant Type

Field Type Description Default Value Required

Encode Client Credentials In Body

Boolean

If true, the client ID and client secret are sent in the request body. Otherwise, the client ID and client secret are sent as basic authentication.

false

Client Id

String

Application identifier defined in the OAuth authentication server.

x

Client Secret

String

Application secret defined in the OAuth authentication server.

x

Scopes

String

Scope required by the application to execute. Scopes define permissions over resources.

Token Manager

The token manager configuration to use for the grant type.

Token Url

String

The OAuth authentication server URL to get access to the token. Mule calls this URL to get the access token, after receiving the authentication code from the OAuth server through the redirectUrl.

x

Response Access Token

String

Expression to extract the access token parameter from the response of the call to tokenUrl.

#[payload.access_token]

Response Refresh Token

String

Response refresh token.

#[payload.refresh_token]

Response Expires In

String

Expression to extract the expires in parameter from the response of the call to tokenUrl.

#[payload.expires_in]

Custom Parameter Extractors

Custom parameter extractors configuration.

Refresh Token When

Boolean

Enables expressions to evaluate against the HTTP response of the API callback to determine if the request failed because it was done using an expired token. If the evaluation returns true (access token expired), Mule automatically triggers a refresh token flow and retries the API callback using a new access token. Default value evaluates if the response status code is 401 or 403.

#[attributes.statusCode == 401 or attributes.statusCode == 403]

TLS Context

TLS

A TLS configuration to receive incoming HTTP requests and do HTTP requests during the OAuth dance.

View on GitHub