There are many ways to secure your APIs in MuleSoft. In this blog we are going to integrate our Anypoint Platform with an OpenID Connect provider (Okta) so that our APIs are protected with OAuth 2.0 access tokens issued by Okta. The flow looks like this:
- The client application (or end user) requests an access token from the authorization server for a specific grant type and scope, authenticating with HTTP Basic Auth using the Client Id as the user name and the Client Secret as the password.
- The client application calls the API, sending the access token as a bearer token.
- The API Manager policy intercepts the request and validates the access token against the authorization server.
- If the access token is valid, the request proceeds to the backend API; otherwise the caller gets an "Invalid Token" error.
Let's see the configuration in Okta.
First, create an account on the Okta portal.
Once the login account has been created, create an authorization server that will validate the client.
Security > API > Authorization Servers > click Add Authorization Server, specify the details and save.
Next, add a policy to the authorization server.
Settings > click on Metadata URI
The metadata URI returns the server's complete metadata, including the authorization endpoint, the token endpoint and the JWKS URI that the API Manager policy will need.
You can see the raw data as well.
Let's apply this security policy to the API.
Anypoint Platform > API Manager > your API > Policies
Specify the JWKS URL, select Skip Client Id validation, leave the remaining settings at their defaults and save. It takes 30 to 40 seconds for the changes to take effect.
Under the Authorization tab, enter all the required information and click Get New Access Token.
Once you click Get New Access Token, you will be prompted to enter your Okta login credentials.
This is a one-time activity.
Then click Use Token.
Then you can see the response from your business API.