OAuth Provider Module - Mule 4
The OAuth2 Provider Module allows a Mule application to be configured as an Authentication Manager in an OAuth2 dance. In this role, the application can authenticate previously registered clients, grant and validate tokens, and register or delete clients, all during the execution of a flow.
The specification is RFC 6749.
If the app should instead behave as the client in the OAuth2 dance, use the OAuth Module.
Since the OAuth dance is done over HTTP, the OAuth2 Provider makes use of the Mule HTTP Connector. As a consequence, apart from the OAuth2 provider configuration, the Mule application must also define an HTTP Listener configuration for the provider to use.
Once configured, the provider works as follows:
- Two HTTP endpoints are created to listen for Authentication Code and Token requests, as stated by the OAuth2 definition. They work independently of the Mule application's flows and respond via HTTP.
- The provider also defines an operation, Validate Token, that checks whether a token is authorized. The operation can be added anywhere in a flow to control its execution. If the token is authorized, the flow keeps executing with the token information set in the payload; otherwise, a TOKEN_UNAUTHORIZED error is raised. It is up to the developer to add the operation to every part of the application that needs token authorization.
- Because token validation is almost always used together with an HTTP Listener, when validation fails the listener's error-response mechanism can handle the error and respond properly to the requester. Additional logic can be added to handle that error type.
Additional operations are provided to add or delete clients and to revoke tokens when needed.
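The gating pattern described above, as an added example that is not taken from the module's own documentation: Validate Token sits directly after the listener, and TOKEN_UNAUTHORIZED is mapped to a 401 through the listener's error response. Element and attribute names are assumed from the module's Mule 4 XML schema and should be checked against the installed module version; the config names, port, paths and object stores are placeholders, and the fragment belongs inside a `<mule>` root with the `http`, `os` and `oauth2-provider` namespaces declared.

```xml
<!-- Added example; all names, the port and the paths are placeholders. -->
<http:listener-config name="HTTP_Listener_config">
    <http:listener-connection host="0.0.0.0" port="8081"/>
</http:listener-config>

<os:object-store name="clientObjectStore" persistent="true"/>
<os:object-store name="tokenObjectStore" persistent="true"/>

<!-- The provider registers its own token endpoint on the listener config. -->
<oauth2-provider:config name="OAuth2_Provider_Config"
                        listenerConfig="HTTP_Listener_config"
                        clientStore="clientObjectStore"
                        supportedGrantTypes="CLIENT_CREDENTIALS">
    <oauth2-provider:token-config path="/token" tokenStore="tokenObjectStore"/>
</oauth2-provider:config>

<flow name="protected-resource-flow">
    <http:listener config-ref="HTTP_Listener_config" path="/orders">
        <!-- Defaults keep unexpected errors closed: 500, no protected data. -->
        <http:error-response statusCode="#[vars.httpStatus default 500]">
            <http:body><![CDATA[#[output application/json
                --- {error: vars.errorCode default "server_error"}]]]></http:body>
        </http:error-response>
    </http:listener>

    <!-- Gate: nothing below this line runs unless the bearer token is authorized. -->
    <oauth2-provider:validate-token config-ref="OAuth2_Provider_Config"
        accessToken="#[(attributes.headers['authorization'] splitBy ' ')[1]]"/>

    <!-- From here on the payload holds the token information. -->
    <set-payload value='#[output application/json --- {status: "ok"}]'/>

    <error-handler>
        <!-- Only the authorization failure is translated to 401. -->
        <on-error-propagate type="OAUTH2-PROVIDER:TOKEN_UNAUTHORIZED">
            <set-variable variableName="httpStatus" value="#[401]"/>
            <set-variable variableName="errorCode" value="invalid_token"/>
        </on-error-propagate>
    </error-handler>
</flow>
```

Because the operation is opt-in per flow, any listener path that lacks it is reachable without a token, so each flow exposing protected data needs its own Validate Token step.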