OAuth 2.0 Access Token Enforcement Policy Using Mule OAuth Provider

1.5.0

June 24, 2021

Minimum Mule Version

Mule 4.1.0

New Features and Enhancements

  • Introduced the capability to configure timeouts when validating OAuth2 tokens for incoming requests.

1.4.0

December 22, 2020

Minimum Mule Version

Mule 4.1.0

New Features and Enhancements

  • Added support for policies to validate one or all of the scopes defined in API Manager.

  • Added OAS3 code snippet in the policy YAML.

1.3.3

September 28, 2020

Minimum Mule Version

Mule 4.1.0

Fixed Issues

  • Because the Content-Type header of the JSON response from the validate endpoint had additional information, such as charset, the response returned was interpreted as String instead of JSON. The additional modifier is now disregarded.

  • Responses from the validation endpoint in which the value of the expires_in field was equal to 0 were not being parsed as an expired token.

1.3.2

Apr 30, 2020

Minimum Mule Version

Mule 4.1.0

New Features and Enhancements

  • Error handling responses revised for WSDL APIs to be compliant with SOAP 1.1 and 1.2.

  • Performance improvements are introduced to the header manipulation engine.

  • Several performance improvements are introduced in error handling.

Fixed Issues

1.3.1

December 18, 2019

Minimum Mule Version

4.1.0

Fixed Issues

  • Authorization entity attributes that contain non-primitive values were not correctly parsed. These values are now ignored.

  • An error occured when an object within a JSON object was treated as String type instead of JSON type. This issue is now resolved.

  • The Fault element in the WSDL APIs now includes the Detail element, with additional error details.

1.3.0

Sep 4, 2019

Minimum Mule Version

4.1.0

New Features and Enhancements

  • Introduced a configuration flag to enable transport layer security (TLS) validation for the Authorization Servers certificates.

  • Added token rejection when the active field of the introspection endpoint response is 'false'.

  • Several performance improvements are introduced.

Known Issues

  • An error occurs in Mule versions v4.1.1, v4.1.2, 4,1,3 and 4.1.4 when a policy is deployed to applications that have the mule-secure-configuration-property-module plugin configured. To resolve this issue, upgrade the specified plugin in the application to version 1.1.0.

Fixed Issues

  • The Expiration Time field was mandatory. This issue is now resolved.

1.2.0

Apr 26, 2019

Minimum Mule Version

4.1.0

New Features and Enhancements

  • Introduced support to encrypt sensitive information related to policies. The Runtime version must be correctly configured to support encryption, which is availble with Mule Runtime v4.2.0 or later.

  • The default configuration has been modified to avoid propagating or returning policy headers, unless explicitly configured by checking the "Expose headers" option.

  • Several performance improvements are introduced.

Known Issues

  • An error occurs in Mule versions v4.1.1, v4.1.2, 4,1,3 and 4.1.4 when a policy is deployed to applications that have the mule-secure-configuration-property-module plugin configured. To resolve this issue, upgrade the specified plugin in the application to version 1.1.0.

1.1.4

Feb 22, 2019

Minimum Mule Version

4.1.0

Fixed Issues

  • Fixed scheduling related performance issues.

1.1.3

Jan 11, 2019

Minimum Mule Version

4.0.0

New Features and Enhancements

  • Improved the RAML and OAS snippets.

1.1.2

Oct 9, 2018

Minimum Mule Version

4.0.0

Fixed Issues

  • A scope validation error was causing the OAuth 2.0 External Provider policy to return a "403 - The required scopes are not authorized error" response.

  • When a WSDL proxy receives an empty payload or an invalid XML, an ExpressionRuntimeException error was generated.

1.1.1

Jun 27, 2018

Fixed Issues

  • When a Security Manager was defined in the same application with a tracked endpoint, an error occurred preventing the federated and client ID based policies to apply.

Minimum Mule Version

4.0.0

1.1.0

Jan 25, 2018

Fixed Issues

  • An error occurred, causing federated policies to lose query and URI parameters of the requester.

Minimum Mule Version

4.0.0

1.0.0

Nov 14, 2017

Minimum Mule Version

4.0.0

Was this article helpful?

💙 Thanks for your feedback!