OAuth 2.0 Access Token Enforcement Using Mule OAuth Provider

Error handling responses revised for JSON compliance.

Introduced the capability to configure timeouts when validating OAuth2 tokens for incoming requests.

Added support for policies to validate one or all of the scopes defined in API Manager.

Added OAS3 code snippet in the policy YAML.

Because the Content-Type header of the JSON response from the validate endpoint had additional information, such as charset, the response returned was interpreted as String instead of JSON. The additional modifier is now disregarded.

Responses from the validation endpoint in which the value of the expires_in field was equal to 0 were not being parsed as an expired token.

Error handling responses revised for WSDL APIs to be compliant with SOAP 1.1 and 1.2.

Performance improvements are introduced to the header manipulation engine.

Several performance improvements are introduced in error handling.

After a policy was applied, HTTP headers did not follow the RFC 2616 requirement of case-sensitivity:

Authorization entity attributes that contain non-primitive values were not correctly parsed. These values are now ignored.

An error occured when an object within a JSON object was treated as String type instead of JSON type. This issue is now resolved.

The Fault element in the WSDL APIs now includes the Detail element, with additional error details.

Introduced a configuration flag to enable transport layer security (TLS) validation for the Authorization Servers certificates.

Added token rejection when the active field of the introspection endpoint response is 'false'.

Several performance improvements are introduced.

An error occurs in Mule versions v4.1.1, v4.1.2, 4,1,3 and 4.1.4 when a policy is deployed to applications that have the mule-secure-configuration-property-module plugin configured. To resolve this issue, upgrade the specified plugin in the application to version 1.1.0.

The Expiration Time field was mandatory. This issue is now resolved.

Introduced support to encrypt sensitive information related to policies. The Runtime version must be correctly configured to support encryption, which is availble with Mule Runtime v4.2.0 or later.

The default configuration has been modified to avoid propagating or returning policy headers, unless explicitly configured by checking the "Expose headers" option.

Several performance improvements are introduced.

An error occurs in Mule versions v4.1.1, v4.1.2, 4,1,3 and 4.1.4 when a policy is deployed to applications that have the mule-secure-configuration-property-module plugin configured. To resolve this issue, upgrade the specified plugin in the application to version 1.1.0.

Fixed scheduling related performance issues.

Improved the RAML and OAS snippets.

A scope validation error was causing the OAuth 2.0 External Provider policy to return a "403 - The required scopes are not authorized error" response.

When a WSDL proxy receives an empty payload or an invalid XML, an ExpressionRuntimeException error was generated.

When a Security Manager was defined in the same application with a tracked endpoint, an error occurred preventing the federated and client ID based policies to apply.

An error occurred, causing federated policies to lose query and URI parameters of the requester.