Mule Secure Token Service OAuth 2.0 Provider
|Mule runtime engine version 3.8 reached its End of Life on November 16, 2021. For more information, contact your Customer Success Manager to determine how to migrate to the latest Mule version.|
The following Mule OAuth 2.0 solutions includes using the Mule Secure Token Service:
Authentication for a CloudHub API
The Mule Secure Token Service can provide a solution for APIs and apps hosted by CloudHub.
Client App authentication required by a server
The OAuth 2.0 solution is provided by a connector, such as the HTTP or Salesforce connector
Authentication to protect an API from Clients
The OAuth 2.0 solution is provided by an API Manager policy.
The Mule OAuth 2.0 Secure Token Service functionality on CloudHub is limited due to the known Object Store limitations.
If those limitations don’t affect your development, you can use the Mule OAuth 2.0 Secure Token Service on Cloudhub. Otherwise, create your own Object Store and configure the OAuth2 module to use your custom Object Store instead of the default.
Use Mule Secure Token Service to apply Oauth 2.0 to your Web service provider to:
grant consumers of your Web service limited access to secure data
avoid disclosing an end user’s access credentials to a Web service consumer
retain the authority to revoke the consumer’s access to an end user’s secure data at any time
Configure authentication in your client Mule app when sending requests to a service that requires authentication, such as the Github OAuth2 server described in OAuth2 - Authorization Code.
When you want to protect your API or app from receiving requests from unauthorized access, use an API Manager policy, such as the OAuth 2.0 Access Token Enforcement Using External Provider policy. To expose a Web service protected by OAuth 2.0 security, see API Manager documentation.