Saturday, December 16, 2023

What is Tracing Module and how to use it in Mule 4.x?

Before we look into the Tracing module, we need to discuss the Correlation ID and its importance.

What is a Correlation ID?

For example, in a trip-planning application we send a customer_details request to several applications (APIs): the message is consumed by the Hotel API, the Airline API and the Car-Rental microservice, and these separate services respond asynchronously. When many requests and responses are flowing across distributed microservices, the Correlation ID lets us track a particular transaction easily.

When Mule creates a new event, it generates a unique identifier string called a correlation ID before sending the event to the next processor. This ID enables us to correlate different log entries with a particular execution.

Use the correlation ID to understand the entire history of an event that resulted in an issue or an unhandled error (every error includes the correlation ID of the event that triggered it). Knowing the correlation ID also helps you perform a memory analysis of heap dumps.

To obtain a correlation ID, Mule first checks for one in the source message (for example, a JMS message or an HTTP listener with the X-CORRELATION-ID header). If the source does not set a correlation ID, Mule generates one using the correlation ID generator.

In earlier versions of the Mule runtime, the correlation ID could not be modified.
In Mule 4.4.0 or later, the correlation ID can be modified with the help of the Tracing module.
The Tracing module enables us to enhance the logs by adding, removing and clearing variables in the logging context of a given Mule event. It also enables us to modify the correlation ID during flow execution.

Tracing Module:
You need to download this module from Exchange. It provides the following operations:
  • Clear all the logging variables from the event's logging context.
  • Remove a logging variable from the logging context.
  • Set logging variables in the logging context.
  • Modify the correlation ID during flow execution.
Create a simple flow, drag and drop With CorrelationID and specify the correlation ID as shown in the screenshot below.
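As an added example (not code from the post or from Mule itself), the following Python mirrors the behaviour described above: take the inbound X-CORRELATION-ID if the source supplied one, otherwise generate a new ID, propagate it to each downstream service, and then pull one transaction's history out of interleaved log lines. The accepted character set for an inbound ID is an assumption added here.

```python
import re
import uuid

# Header a Mule HTTP listener inspects before generating its own correlation ID
CORRELATION_HEADER = "X-CORRELATION-ID"
# Assumption added here: accept only a conservative character set, so an inbound
# header cannot smuggle newlines or control characters into downstream log lines
_VALID_ID = re.compile(r"^[A-Za-z0-9._:-]{1,64}$")


def resolve_correlation_id(headers):
    """Return the inbound X-CORRELATION-ID when present and well-formed,
    otherwise generate a fresh one, mirroring what the Mule runtime does."""
    lookup = {name.lower(): value for name, value in headers.items()}
    inbound = lookup.get(CORRELATION_HEADER.lower())
    if inbound and _VALID_ID.match(inbound):
        return inbound
    return str(uuid.uuid4())


def log_line(service, correlation_id, message):
    """Format an entry the way the Mule logger prefixes it with the event's ID."""
    return f"[{correlation_id}] {service}: {message}"


def history(log_lines, correlation_id):
    """Reconstruct the history of one transaction from interleaved log output."""
    prefix = f"[{correlation_id}] "
    return [line[len(prefix):] for line in log_lines if line.startswith(prefix)]


def trip_request(headers, services=("Hotel API", "Airline API", "Car-Rental")):
    """Fan customer_details out to each downstream service, propagating one ID."""
    cid = resolve_correlation_id(headers)
    lines = [log_line("Trip API", cid, "received customer_details")]
    for service in services:
        # the downstream call carries the same header, so its log lines correlate
        downstream_headers = {CORRELATION_HEADER: cid}
        lines.append(log_line(service, resolve_correlation_id(downstream_headers), "responded"))
    return cid, lines
```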

Source code: Correlation-id-project.
Ref: docs.mulesoft.com

Thanks for reading :-)

Sunday, December 10, 2023

How to use OKTA as Identity Provider

There are many ways to secure your APIs in MuleSoft. In this blog we are going to integrate our Anypoint Platform with an OpenID Connect provider (Okta) to provide the OAuth feature to our Anypoint Platform.



  1. The client application (end user) requests an access token for a specific grant type and scope, using Basic Auth with the Client ID as user name and the Client Secret as password.
  2. The client application makes a request to the API using the access token as a bearer token.
  3. The API Manager policy intercepts the request and validates the access token with the authorization server.
  4. If the access token is valid, the request proceeds to the resource API; otherwise you get an "Invalid Token" error.
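The validation in steps 3 and 4 is what decides between "proceed" and "Invalid Token". The following added example (not from the post and not MuleSoft's policy code) shows those checks on a bearer JWT: scheme, signature, expiry, issuer, audience and scope. It uses an HS256 shared secret as a stand-in for the RS256/JWKS verification the real policy performs, so it runs on the standard library alone; the issuer and audience values are placeholders.

```python
import base64
import hashlib
import hmac
import json
import time

# HS256 with a shared secret stands in for the RS256/JWKS check the policy does;
# the claim checks are the same. Issuer/audience are placeholders (assumptions).
EXPECTED_ISSUER = "https://example.okta.com/oauth2/default"
EXPECTED_AUDIENCE = "api://default"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, secret: bytes) -> str:
    """Mint an HS256 JWT; here only to build inputs, it is not part of the policy."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def enforce(authorization_header, secret, required_scope, now=None):
    """Return (allowed, reason), in the order a token enforcement policy checks:
    bearer scheme, signature, expiry, issuer, audience, then scope."""
    now = time.time() if now is None else now
    parts = (authorization_header or "").split(" ", 1)
    if len(parts) != 2 or parts[0] != "Bearer":
        return False, "Invalid Token"
    try:
        header, body, sig = parts[1].split(".")
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            return False, "Invalid Token"      # refuse alg=none or a downgrade
        expected = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return False, "Invalid Token"      # signature does not match
        claims = json.loads(_b64url_decode(body))
    except (ValueError, TypeError, AttributeError):
        return False, "Invalid Token"          # malformed token
    if claims.get("exp", 0) <= now:
        return False, "Invalid Token"          # expired (or no exp at all)
    if claims.get("iss") != EXPECTED_ISSUER or claims.get("aud") != EXPECTED_AUDIENCE:
        return False, "Invalid Token"          # minted for another server or API
    if required_scope not in claims.get("scp", []):
        return False, "Insufficient Scope"
    return True, "OK"
```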

Let's see the configuration in Okta.
First, we will create an account in the Okta portal.

Once you have created the login account successfully, create an Authorization Server to validate the client.
Security > API > Authorization Servers > click Add Authorization Server, specify the details and save.


Add scopes such as read, full, mulescope etc.


Add policy

Add Rule

Settings > click on Metadata URI
The Metadata URI returns the complete metadata, such as the authorization endpoint, token endpoint etc.



You can see Raw Data as well




Configuration is done. In real projects, your admin or infra team will do the complete setup and share the information required for configuration at the API end.

Let's apply this security policy on the API.

Anypoint Platform > API Manager > Your API > Policies
Specify the JWKS URL, select Skip Client Id validation, leave the remaining settings as they are and save. It takes 30 to 40 seconds for the changes to reflect.



Under the Authorization tab, enter all required information and click Get New Access Token.

Once you click Get New Access Token, you will be prompted to enter your Okta login credentials.
This is a one-time activity.

Then click Use Token.


The token is added under Headers > Authorization automatically (in disabled mode).

Then, you can see the response from your business API.


Note: there are many ways to connect to the Okta server and generate a token.
Implement further logic in Anypoint Studio if your API is a consumer.

Thanks for reading :-)

Saturday, December 9, 2023

How to use OAuth 2.0 as External Identity Provider

What is OAuth 2.0?

OAuth 2.0 is an open-standard authorization framework that allows third-party services to safely permit authenticated access to their assets without sharing critical login credentials, i.e. the user's password.

OAuth works on the principle of granting permission to access data rather than providing proof of identity, meaning it is an authorization protocol rather than an authentication protocol. 

Users delegate exactly what personal information will be revealed. OAuth works over HTTPS, authorizing servers, devices, APIs, and applications. Instead of passwords, it uses short-term access tokens.

OAuth does not share password data; instead it uses authorization tokens between consumers and service providers. It allows you to approve one application interacting with another on your behalf without giving away your password.

OAuth Roles:
  • Resource Owner: the user who authorizes an application to access their account. The application's access to the user's account is limited to the scope of the authorization granted (e.g. read or write access).
  • Resource Server: hosts the protected user accounts and is capable of denying or allowing access to the protected resources of the resource owner(s).
  • Authorization Server: verifies the identity of the user and then issues access tokens to the application.
  • Client: the application that wants to access the user's account. Before it may do so, it must be authorized by the user, and the authorization must be validated by the API.

In order to implement this scenario, we first need to create an application on the OAuth provider's website (Auth0 here) and specify the grant types.

How to create an application in Auth0
Create a login account at https://manage.auth0.com.

Once you have logged in successfully, click on Applications and then on Create Application as shown in the screenshot below.


Specify the application name, select Machine to Machine Application and click Create.
Note: you can select other types based on your use case.
Select permissions based on your requirement and click Authorize.



Quick Start contains ready-to-use information for accessing the API with the help of a token.
Settings holds the Client ID and Client Secret; specify the callback URL and grant types here.


Under Advanced Settings, specify the grant types.
Under Endpoints, you can see the list of URLs.

Please make a note of the Client ID, Client Secret, Token URL and JSON Web Key Set URL, and then apply OAuth on any API.

Here, I have applied it on MuleSoft API.

Log in to the Anypoint Platform, go to API Manager and click on the API.

Then go to Policies and click Add Policy.


Specify the JWKS URL, leave the remaining settings as they are and save.

Now test the API from Postman or any other tool.

First, get the access token by specifying the client ID and client secret.

The Token URL is available in the Endpoints tab of the Auth0 application.

The method is POST and the body carries the client ID and secret etc.; these details are available in the Quick Start tab.
Now you can see the token in the response section.

We need to access the API by providing the authorization token as the bearer token:
under Headers > Authorization, set Bearer <access token>.
Then you can see the response.
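Step 1 of the Okta post (Basic Auth with the client ID and secret) and the token request in this post are the same client_credentials exchange. The added example below (not from the post, Postman or Auth0) builds that request, caches the short-lived token and refreshes it shortly before it expires, and attaches it as a bearer header; the transport is injectable so the class can be exercised without a network, and any token URL passed to it is a placeholder.

```python
import base64
import json
import time
import urllib.parse
import urllib.request


class TokenClient:
    """Obtains a client_credentials access token and caches it until shortly
    before it expires. `transport` is injectable so the class runs offline."""

    def __init__(self, token_url, client_id, client_secret, scope,
                 transport=None, clock=time.time, margin=30):
        self.token_url, self.client_id, self.scope = token_url, client_id, scope
        self._secret = client_secret             # kept private, never logged
        self.transport = transport or self._http_post
        self.clock, self.margin = clock, margin  # margin: refresh this many seconds early
        self._token, self._expires_at, self.fetch_count = None, 0.0, 0

    @staticmethod
    def _http_post(url, headers, body):
        req = urllib.request.Request(url, data=body, headers=headers, method="POST")
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.loads(resp.read())

    def build_request(self):
        """Step 1 of the post: Basic auth with client ID/secret, form-encoded body."""
        creds = base64.b64encode(f"{self.client_id}:{self._secret}".encode()).decode()
        headers = {"Authorization": f"Basic {creds}",
                   "Content-Type": "application/x-www-form-urlencoded"}
        body = urllib.parse.urlencode({"grant_type": "client_credentials",
                                       "scope": self.scope}).encode()
        return headers, body

    def access_token(self):
        """Return the cached token while it is still valid, else fetch a new one."""
        if self._token and self.clock() < self._expires_at - self.margin:
            return self._token
        headers, body = self.build_request()
        reply = self.transport(self.token_url, headers, body)
        if reply.get("token_type", "").lower() != "bearer":
            raise ValueError("unexpected token_type in token response")
        self._token = reply["access_token"]
        self._expires_at = self.clock() + float(reply.get("expires_in", 0))
        self.fetch_count += 1
        return self._token

    def bearer_headers(self):
        return {"Authorization": f"Bearer {self.access_token()}"}   # step 2 of the post
```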


Note:
1. Based on your business requirement, you can disable/enable the API policy from API Manager (Anypoint Platform).
2. You can change the grant types and permissions in the Auth0 application. In real projects, your infra team will take care of this.

Sources:
apisec.ai
dzone.com

Thanks for reading. :-)

Sunday, December 3, 2023

How to use MuleSoft as OAuth Provider

Nowadays every application or API requires a security layer to protect it from unauthorized access.

There are many security protocols available in the market, but OAuth2 is the leading protocol. MuleSoft provides the capability to build and deploy an OAuth2 Provider service using Anypoint Platform components.

In this blog, we will see how MuleSoft provides the OAuth2 Provider facility.

MuleSoft provides an OAuth2 Provider connector module that is used to build an OAuth2 service. This OAuth service acts as an OAuth2 provider/server that client applications use for operations such as creating a client and validating a token.

Create a sample project in Studio and download the OAuth Provider Module and Object Store from Exchange.


This is the project to create a client, get a token and validate it.

Drag and drop Create Client from the OAuth Provider Module and specify the settings as shown below.

Drag and drop the Validate operation from the OAuth Provider module and save it.


Deploy it and test it.
1. Create a client and specify the required parameters as shown below
http://localhost:8081/create

2. Get the token
http://localhost:8081/token

3. Validate the token
http://localhost:8081/validate
Now deploy this application to CloudHub and apply it as the OAuth policy on any API.
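The create, token and validate steps above correspond to the three operations of the OAuth Provider module. As an added illustration (not the module's code and not from the post), this in-memory provider shows what each step has to do: store only a salted hash of the client secret, compare it in constant time, issue an opaque random token with an expiry, and reject unknown, expired or under-scoped tokens on validation.

```python
import hashlib
import hmac
import secrets
import time


class OAuthProvider:
    """In-memory stand-in for the three operations wired up in the post:
    create client, issue a token (client_credentials) and validate a token."""

    def __init__(self, token_ttl=3600, clock=time.time):
        self.clock, self.token_ttl = clock, token_ttl
        self._clients = {}   # client_id -> (salt, secret hash, allowed scopes)
        self._tokens = {}    # access_token -> (client_id, scopes, expires_at)

    def create_client(self, client_name, scopes):
        """/create: the secret is returned once and only its salted hash is stored."""
        client_id, client_secret = secrets.token_hex(16), secrets.token_urlsafe(32)
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", client_secret.encode(), salt, 100_000)
        self._clients[client_id] = (salt, digest, frozenset(scopes))
        return {"client_name": client_name, "client_id": client_id, "client_secret": client_secret}

    def token(self, client_id, client_secret, grant_type, scope):
        """/token: authenticate the client, then issue an opaque random bearer token."""
        record = self._clients.get(client_id)
        if grant_type != "client_credentials" or record is None:
            return {"error": "invalid_client"}
        salt, digest, allowed = record
        candidate = hashlib.pbkdf2_hmac("sha256", client_secret.encode(), salt, 100_000)
        if not hmac.compare_digest(digest, candidate):
            return {"error": "invalid_client"}      # same answer as for an unknown client
        requested = set(scope.split())
        if not requested <= allowed:
            return {"error": "invalid_scope"}
        access_token = secrets.token_urlsafe(32)
        self._tokens[access_token] = (client_id, requested, self.clock() + self.token_ttl)
        return {"access_token": access_token, "token_type": "bearer", "expires_in": self.token_ttl}

    def validate(self, access_token, required_scope=None):
        """/validate: the check the access token enforcement policy relies on."""
        entry = self._tokens.get(access_token)
        if entry is None:
            return {"valid": False, "reason": "unknown token"}
        client_id, scopes, expires_at = entry
        if self.clock() >= expires_at:
            self._tokens.pop(access_token)          # expired tokens are dropped
            return {"valid": False, "reason": "expired"}
        if required_scope and required_scope not in scopes:
            return {"valid": False, "reason": "insufficient scope"}
        return {"valid": True, "client_id": client_id, "scopes": sorted(scopes)}
```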

How to create a sample RAML and define the Auto Discovery feature:

Two applications are running in CloudHub: one is the business implementation API and the other is the MuleSoft OAuth provider logic.

Now, we will apply the OAuth provider policy on the business API.
Go to Policies and click Add Policy

Select the OAuth 2.0 access token enforcement policy

Specify the validation URL, check Skip Client ID validation and save it.
Note: it takes around 30 seconds for the changes to reflect.


Now test the Business API URL.
Before that, execute the OAuth API to create the client ID and client secret.

http://mule-oauth-provider-109.us-e2.cloudhub.io/oauth/create

Get the token
http://mule-oauth-provider-109.us-e2.cloudhub.io/token


Use the access token and test the Business API.

There are many third-party authenticators available in the market. Based on your business case and cost, you can choose one.

Thanks for reading :-)

How to Authenticate Salesforce using OAuth2.0

In this blog, we will see how to authenticate to Salesforce using OAuth 2.0 from MuleSoft 4.x and access some object data (Contact, Account etc.).

OAuth 2.0 is an open protocol that authorizes secure data sharing between applications through the exchange of tokens.

The following are the main steps:
  1. In order to initiate the authorization flow, a connected app has to be created in Salesforce to access the REST API resource on behalf of a client app (MuleSoft).
  2. The authorization server (Salesforce) grants access tokens to the connected app.
  3. The resource server validates this access token and approves access to the protected REST API resource.
How to create a Connected App in Salesforce:
If you have Salesforce Admin access, you can create it by following the steps below. Otherwise, request your Salesforce Admin to do so.

Log in to the Salesforce account.
Go to Setup > Build > Create > Apps


Click on New to create a Connected App.
Specify the App Name as per your business requirement.
Specify the Callback URL, select the OAuth Scopes, move them to the right box and save.
Note: it takes around 10 minutes to create / update the app.


Click on Manage Consumer Details to see the Consumer Key and Consumer Secret and note them.
These are the confidential details used in MuleSoft to connect.



How to test the connectivity and access an object from Postman:
Specify grant_type, client_id, client_secret, username and password under Query Params, and under Headers specify Content-Type as "application/x-www-form-urlencoded".


Once you have got the token, invoke the Salesforce API for the object query.

Sample Query: 


List of records from the Salesforce Contact object.

Now, we will see how to build the same logic in Anypoint Studio.


On HTTP Request: (do the same thing we did in Postman, as shown above)
Under Headers > specify Content-Type as application/x-www-form-urlencoded
Query Params > grant_type, client_id, client_secret, username, password
Now, we need to save the token in a variable.
In real projects, we use the Object Store to maintain the token.
Invoke the Salesforce API using the token.


That's all, now invoke the flow from Postman and check the results.
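Putting the Postman and Studio steps above into code, as an added example that is not from the post's source project: build the username-password token request (credentials in the form body, matching the Content-Type header, rather than in the query string where proxies and access logs would record them), read the access token and instance URL from the response, and query the Contact object with the bearer token. The API version is an assumed placeholder and the SOQL escaping is an addition here.

```python
import json
import urllib.parse
import urllib.request

# Placeholders: the real values come from your org and the connected app
TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"
API_VERSION = "v58.0"   # assumption: any currently supported REST API version


def build_token_request(client_id, client_secret, username, password):
    """Username-password grant as in the post. The credentials go in the
    form-encoded body (matching the Content-Type header) rather than the
    query string, so they do not land in proxy or access logs."""
    body = urllib.parse.urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password,
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")


def parse_token_response(raw):
    """Keep only what the next call needs: the token and the org's instance URL."""
    reply = json.loads(raw)
    if "access_token" not in reply or "instance_url" not in reply:
        raise ValueError(reply.get("error_description", "token request failed"))
    return reply["access_token"], reply["instance_url"]


def soql_literal(value):
    """Escape a caller-supplied string for use inside SOQL single quotes."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def build_query_request(instance_url, access_token, last_name):
    """Query the Contact object with the bearer token, as in the post's sample."""
    soql = f"SELECT Id, FirstName, LastName, Email FROM Contact WHERE LastName = {soql_literal(last_name)}"
    url = f"{instance_url}/services/data/{API_VERSION}/query?" + urllib.parse.urlencode({"q": soql})
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})


def contacts_from_response(raw):
    """Flatten the records array; `done` tells whether more pages follow."""
    reply = json.loads(raw)
    return [(r["Id"], r.get("LastName")) for r in reply.get("records", [])], reply.get("done", True)
```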

Source code: OAuth-Salesforce

Thanks for reading :-)