Often you are faced with a requirement to handle authorization to a third-party service. This example application illustrates how to execute this type of authorization using the Mule Runtime.
This document assumes that you are familiar with OAuth, HTTP, Mule, Anypoint connectors, Anypoint Studio, elements in a Mule flow, and global elements.
To follow the steps in this example, you must have a box.com account, which you can create for free if you don't already have one.
You also need Java installed on your computer and admin rights to your computer.
In this example, a user browses to an HTTPS endpoint in order to access data from the Box service. For this purpose, OAuth authorization is triggered. The user is asked to supply their user name and password. If successful, the user clicks a button to be granted access.
The following steps are only needed in this example so that you can test your finished application.
If you're using HTTPS, as the Box API requires, you must create a keystore to certify the communication. You can do this with the keytool provided by Java, found in the bin directory of your Java installation. Navigate to this directory on your machine using the command line (this is not needed if the Java bin directory is in your PATH variable), then execute the following command to create a keystore file:
keytool -genkey -alias replserver -keyalg RSA -keystore keystore.jks
The keytool prompts you to create two passwords. Remember them, because you enter them in the configuration later on (parameters: keystore.password, keystore.keyPassword). The command creates a file called keystore.jks in the current directory.
The keystore (keystore.jks) file along with its corresponding passwords can now be used. Move it into the /src/main/resources directory in Mule Studio's Package Explorer. If you need more help doing this, use this resource.
The flow contains two important blocks that showcase the OAuth2 dance: the HTTP Listener and HTTP Request components. The first is an inbound HTTPS endpoint that accepts incoming HTTPS GET requests. When a request to the local authorization URL https://localhost:8081/web arrives, processing is redirected to Box, which triggers the OAuth authorization. After the operation succeeds, the client is redirected back to the URL defined as the external callback URL in the request authentication configuration.
The OAuth authorization is defined by the authorization-code-grant-type component, which is wrapped in the HTTP request config component. The request URL is set to https://api.box.com. Because the HTTPS protocol is specified, a TLS context must be configured. The context has three required values: a path, a key password, and a password.
To start an OAuth operation you need a clientId, a client secret issued by the third-party service, and a redirect URL that is used after the authorization process finishes. To demonstrate some capabilities of this component, custom URL parameters are also set (that is, boxdeviceid and boxdevicename).
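The two browser-facing steps of the authorization code grant described above, as an added Python sketch (not code from this example application or from Mule). It goes beyond the text by including the OAuth 2.0 state check on the callback; the authorization endpoint is a placeholder, and the function names, the callback URL and the sample values used with it are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder, not from the page: substitute the provider's authorization endpoint.
AUTHORIZE_URL = "https://auth.example.invalid/oauth2/authorize"


def build_authorization_redirect(client_id, redirect_uri, custom_params=None):
    """Return (url, state) for the redirect that starts the authorization."""
    # Unguessable value kept in the user's session and echoed back by the provider.
    state = secrets.token_urlsafe(32)
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    }
    # Custom URL parameters (for example boxdeviceid, boxdevicename) may add
    # fields but must never replace a protocol field such as redirect_uri.
    for key, value in (custom_params or {}).items():
        if key in params:
            raise ValueError(f"custom parameter {key!r} would override a protocol field")
        params[key] = value
    return f"{AUTHORIZE_URL}?{urlencode(params)}", state


def extract_code(callback_url, expected_state):
    """Validate the redirect back to the callback URL and return the code."""
    parts = urlsplit(callback_url)
    if parts.scheme != "https":
        raise ValueError("callback must arrive over HTTPS")
    query = parse_qs(parts.query)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    # Constant-time comparison; a mismatch means the response was not
    # produced by the redirect this session started.
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this session")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]
```

The returned code is then exchanged, together with the client secret, for the access token on a server-to-server call; the client secret never appears in either URL.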
After a user is authorized, it is possible to read resources from Box using the recently obtained token, showing the result in the browser.
Published on: Sep 6, 2018