+

This version of the product has reached End of Life and is no longer supported. You can switch to the latest version, or use the version selector in the left navigation.

Mule Secure Token Service OAuth 2.0 Provider

Mule runtime engine version 3.8 reached its End of Life on November 16, 2021. For more information, contact your Customer Success Manager to determine how to migrate to the latest Mule version.

The following Mule OAuth 2.0 solutions includes using the Mule Secure Token Service:

  • Authentication for a CloudHub API

    The Mule Secure Token Service can provide a solution for APIs and apps hosted by CloudHub.

  • Client App authentication required by a server

    The OAuth 2.0 solution is provided by a connector, such as the HTTP or Salesforce connector

  • Authentication to protect an API from Clients

    The OAuth 2.0 solution is provided by an API Manager policy.

Client Authentication for a CloudHub API

The Mule OAuth 2.0 Secure Token Service functionality on CloudHub is limited due to the known Object Store limitations.

If those limitations don’t affect your development, you can use the Mule OAuth 2.0 Secure Token Service on Cloudhub. Otherwise, create your own Object Store and configure the OAuth2 module to use your custom Object Store instead of the default.

Use Mule Secure Token Service to apply Oauth 2.0 to your Web service provider to:

  • grant consumers of your Web service limited access to secure data

  • avoid disclosing an end user’s access credentials to a Web service consumer

  • retain the authority to revoke the consumer’s access to an end user’s secure data at any time

Client Authentication Required by a Server

Configure authentication in your client Mule app when sending requests to a service that requires authentication, such as the Github OAuth2 server described in OAuth2 - Authorization Code.

Authentication to Protect an API from Clients

When you want to protect your API or app from receiving requests from unauthorized access, use an API Manager policy, such as the OAuth 2.0 Access Token Enforcement Using External Provider policy. To expose a Web service protected by OAuth 2.0 security, see API Manager documentation.

Was this article helpful? Thanks for your feedback!
View on GitHub