OAuth 2 Policies

In Anypoint Platform, you can work with OAuth solutions on both the server side, for example, by configuring an HTTP or Salesforce connector to access an OAuth-protected server, and the client side, for example, by applying an OAuth 2.0 policy and and enforce authentication from your client applications through your own OAuth provider.

You can use the following OAuth provider and policy pairs:

Provider Policy Name


PingFederate OAuth Token Enforcement.


OpenAM OAuth Token Enforcement.

A Dynamic Client Registration-compliant identity provider

OpenID Connect Access Token Enforcement.

Mule OAuth 2.0

OAuth 2.0 Access Token Enforcement.

The Dynamic Client Registration-compliant identity provider needs to conform to the OpenID Connect Client Registration 1.0 incorporating errata set 1.

The API to which you apply an OAuth 2.0 policy supports HTTPS communication using a Mule OAuth 2.0 provider. The provider verifies the validity of OAuth 2.0 credentials.

Was this article helpful?

💙 Thanks for your feedback!

Submit your feedback!
Share your thoughts to help us build the best documentation experience for you!
Take our latest survey!