Patna MuleSoft Meetup #29
Introduction to OAuth 2.0 and OAuth Flows
AGENDA
● Introduction to OAuth 2.0
● OAuth 2.0 Flows
● OAuth 2.0 Components
● How OAuth 2.0 scopes specify which resources or actions a client application
can access on behalf of the resource owner
● Implementation
● Benefits of OAuth 2.0
● Demo
● Trivia Quiz *
Organizers
Om Prakash
Shyam Raj Prasad
Amit Mohan
Safe Harbour Statement
● Both the speaker and the host are organizing this meet-up in individual capacity only. We are
not representing our companies here.
● This presentation is strictly for learning purposes only. The organizers and presenter take no
responsibility that the same solution will work for your business requirements.
● This presentation is not meant for any promotional activities.
Housekeeping
● A recording of this meetup will be uploaded to the events page within 24 hours.
● Questions can be submitted at any time in the Chat / Questions & Answers tab. Make it more interactive!
● Share your feedback! Rate this meetup session by filling in the feedback form at the end of the day. We love feedback!
Speakers
Rupmita Kundu
● Working as a Senior Engineer in Digital Engineering at NTT DATA
● 5.5 years of experience in IT
● Certified MuleSoft Developer
Introduction to OAuth 2.0
OAuth 2.0, commonly expanded as "Open Authorization 2.0", is the industry-standard
authorization framework (RFC 6749) that lets a third-party application access a user's
data without the user handing that application their credentials.
The user grants limited, revocable access to specific resources, such as photos, videos,
or personal information, to another application or website. The application receives a
token scoped to exactly what was granted, never the user's password, so a compromised
application cannot take over the user's account.
OAuth 2.0 Components
1. Client Application: The application that wants to access the user's data, referred to
as the "client". A confidential client (server-side) can keep a secret; a public client
(browser or mobile app) cannot.
2. Resource Owner: The user who owns the data that the client wants to access and who
decides whether to grant it.
3. Authorization Server: The server that authenticates the resource owner (and the
client, where it has credentials) and issues access tokens after the user authorizes
the client application.
4. Resource Server: The server that hosts the protected resources (the API) and that
accepts access tokens; it must check each token's validity and scopes before serving
a request.
5. Authorization Grant: The credential representing the resource owner's authorization,
which the client exchanges for an access token: an authorization code, the client's own
credentials, a refresh token, or (in the legacy password grant) the user's username and
password.
6. Access Token: A short-lived credential that the client presents to the resource server,
normally as an HTTP "Authorization: Bearer" header, to access protected resources on
behalf of the user.
7. Scopes: The specific permissions the client requests. The authorization server may grant
a subset, and the access token carries the scopes that were actually granted.
OAuth 2.0 Authorization Flows
1. Authorization Code Grant:
● Description: The client redirects the user to the authorization server's authorization
endpoint; after the user authenticates and consents, the server redirects back to the
client's registered redirect URI with a short-lived, single-use authorization code, which
the client exchanges at the token endpoint for an access token (and usually a refresh
token). Confidential clients authenticate that exchange with a client secret; public
clients such as SPAs and mobile apps, which cannot keep a secret, use the same flow with
PKCE (RFC 7636), which binds the code to a verifier that never leaves the client.
● Use Case: Web, mobile and single-page applications accessing resources on behalf of a
user. This is the flow to use for any user-facing client.
2. Implicit Grant:
● Description: Returns the access token directly in the fragment of the redirect URI
after the user authorizes, with no code exchange. It was defined for browser-based apps
that could not keep a client secret, but the token travels through the browser (URL,
history, referrers) and the client has no way to prove the token was issued to it, so the
OAuth 2.0 Security Best Current Practice (RFC 9700) discourages it and the OAuth 2.1
draft removes it.
● Use Case: Legacy browser-based applications only. New SPAs and mobile apps should use
the authorization code grant with PKCE instead.
OAuth 2.0 Authorization Flows
3. Client Credentials Grant:
○ Description: A confidential client (one able to keep its client credentials secret,
typically a server-side application) authenticates to the token endpoint with its own
client ID and secret, private key or mTLS certificate, and receives an access token. No
user is involved; the token represents the client itself.
○ Use Case: Server-to-server and batch integrations where the client acts on its own
behalf, for example one API calling another.
4. Resource Owner Password Credentials Grant:
○ Description: The client collects the user's username and password and posts them
directly to the token endpoint in exchange for an access token. The client sees and must
handle the user's credentials, which defeats the main point of OAuth, prevents multi-factor
or phishing-resistant authentication, and is why RFC 9700 says clients MUST NOT use this
grant and the OAuth 2.1 draft removes it.
○ Use Case: Migrating a legacy application where no redirect-based flow is possible yet;
treat it as a transitional measure only.
5. Refresh Token Grant:
○ Description: The client presents a refresh token to the token endpoint and receives a
new access token (and often a new refresh token) without the user re-authenticating. The
access token itself is not extended; it stays short-lived and is replaced. The longer-lived
refresh token is sent only to the authorization server, never to a resource server, and
should be revocable and, for public clients, rotated on each use.
○ Use Case: Long-lived sessions where access tokens need renewing periodically without
asking the user to log in again.
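The authorization code grant with PKCE from the flows above, worked through with both sides' messages in Python. This is an added example, not code from this deck, from MuleSoft or from the Mule OAuth 2.0 Provider: the AuthorizationServer class, its in-memory stores, the client id book-client, the redirect URI https://client.example/cb and the scopes vendor1/vendor2 are assumptions made for illustration. It shows the checks the token endpoint must make (single-use code, code bound to the client and redirect URI, PKCE verifier matching the stored challenge) and why a code captured from the redirect is useless without the verifier.

```python
# Authorization code grant with PKCE (RFC 7636), client and server in one process.
# Added example, not code from this deck or from MuleSoft; the AuthorizationServer
# class, its in-memory stores, the client id, redirect URI and scopes are illustrative.
import base64
import hashlib
import secrets
import time

def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def make_pkce_pair():
    """Client side: a random code_verifier and its S256 code_challenge."""
    verifier = b64url(secrets.token_bytes(32))  # 43 chars, inside the 43..128 limit
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge

class AuthorizationServer:
    """Minimal authorization server: an authorization endpoint and a token endpoint."""

    def __init__(self, code_ttl=60):
        self.clients = {}  # client_id -> (registered redirect_uri, allowed scopes)
        self.codes = {}    # authorization code -> record; single use, short lived
        self.code_ttl = code_ttl

    def register_client(self, client_id, redirect_uri, scopes):
        self.clients[client_id] = (redirect_uri, set(scopes))

    def authorize(self, client_id, redirect_uri, scope, code_challenge, state, user):
        """Authorization endpoint, reached after the user authenticated and consented;
        returns the query parameters of the redirect back to the client."""
        reg_uri, allowed = self.clients[client_id]
        if redirect_uri != reg_uri:  # exact string comparison, never a prefix match
            raise ValueError("invalid_request: redirect_uri mismatch")
        requested = set(scope.split())
        if not requested <= allowed:
            raise ValueError("invalid_scope")
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "scope": requested, "challenge": code_challenge,
                            "user": user, "expires": time.time() + self.code_ttl}
        return {"code": code, "state": state}

    def token(self, grant_type, code, redirect_uri, client_id, code_verifier):
        """Token endpoint: exchange the code for an access token after verifying PKCE."""
        if grant_type != "authorization_code":
            raise ValueError("unsupported_grant_type")
        rec = self.codes.pop(code, None)  # pop: a code is accepted at most once
        if rec is None or rec["expires"] < time.time():
            raise ValueError("invalid_grant: unknown, used or expired code")
        if rec["client_id"] != client_id or rec["redirect_uri"] != redirect_uri:
            raise ValueError("invalid_grant: code was issued to another client")
        expected = b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())
        if not secrets.compare_digest(expected, rec["challenge"]):
            raise ValueError("invalid_grant: PKCE verification failed")
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "expires_in": 3600, "scope": " ".join(sorted(rec["scope"]))}

CLIENT_ID, REDIRECT_URI = "book-client", "https://client.example/cb"  # illustrative values

def _rejected(call):
    """True if the call fails with an OAuth error."""
    try:
        call()
        return False
    except ValueError:
        return True

def demo():
    """One honest exchange, then the misuse that PKCE, single-use codes and
    exact redirect_uri matching stop."""
    server = AuthorizationServer()
    server.register_client(CLIENT_ID, REDIRECT_URI, ["vendor1", "vendor2"])
    verifier, challenge = make_pkce_pair()
    state = secrets.token_urlsafe(16)  # anti-CSRF value; the client checks it on return
    redirect = server.authorize(CLIENT_ID, REDIRECT_URI, "vendor1", challenge, state, "alice")
    assert redirect["state"] == state
    token = server.token("authorization_code", redirect["code"], REDIRECT_URI, CLIENT_ID, verifier)
    # Replaying an already-redeemed code must fail (RFC 6749, section 4.1.2).
    replay_rejected = _rejected(lambda: server.token(
        "authorization_code", redirect["code"], REDIRECT_URI, CLIENT_ID, verifier))
    # An attacker who captured a fresh code from the redirect but not the verifier,
    # which never left the client, cannot redeem it.
    _, challenge2 = make_pkce_pair()
    code2 = server.authorize(CLIENT_ID, REDIRECT_URI, "vendor1", challenge2, state, "alice")["code"]
    stolen_code_rejected = _rejected(lambda: server.token(
        "authorization_code", code2, REDIRECT_URI, CLIENT_ID, "not-the-verifier"))
    # A redirect_uri other than the registered one is refused before any code is issued.
    bad_redirect_rejected = _rejected(lambda: server.authorize(
        CLIENT_ID, "https://attacker.example/cb", "vendor1", challenge2, state, "alice"))
    return {"token_type": token["token_type"], "scope": token["scope"],
            "replay_rejected": replay_rejected, "stolen_code_rejected": stolen_code_rejected,
            "bad_redirect_rejected": bad_redirect_rejected}
```

Call demo(); it returns a dict whose three *_rejected entries are all True. In a real deployment the authorize and token methods sit behind HTTPS endpoints, a confidential client also authenticates at the token endpoint with its secret or mTLS certificate in addition to PKCE, and the issued tokens are stored or signed so that a resource server can validate them.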
How scopes help to restrict access to different resources
OAuth 2.0 scopes provide coarse-grained access control to different resources within an API.
● The client asks for scopes when it requests authorization, and the access token the
authorization server issues carries the scopes that were actually granted (the granted set
may be smaller than the requested one).
● When a request reaches an API protected by the OAuth 2.0 policy applied in API Manager
(see the demo), the policy validates the token with the provider and compares the token's
scopes with the scopes the endpoint requires. If every required scope is present, the
request is passed on to the Mule flow; otherwise it is rejected before any flow logic
runs. The decision relies on the scopes bound to the token at issuance, not on anything
the caller sends in the request.
MuleSoft OAuth 2.0 Provider
● The Mule OAuth 2.0 Provider is an OAuth 2.0 provider module developed by MuleSoft.
● It lets you configure your Mule application as the authorization server (the role
MuleSoft documentation calls the "Authentication Manager") in an OAuth 2.0 dance.
● In this role, your application can:
○ Authenticate previously registered clients.
○ Grant tokens.
○ Validate tokens.
○ Register and delete clients during the execution of a flow.
Demo
Configure the OAuth 2.0 Provider Module:
● In Anypoint Studio, open your Mule application.
● Add the "OAuth 2.0 Provider" module to your project from Anypoint Exchange.
● Configure the module: supported grant types, scopes, token endpoint, client store and
token store.
● Configure the create-client, delete-client and validate-token endpoints.
● Deploy the OAuth 2.0 provider application to CloudHub.
● Add an OAuth 2.0 security scheme to the API specification and secure each resource with
the scope it requires:
/authors:
  get:
    securedBy: [oauth_2_0: {scopes: ["vendor1"]}]
/books:
  get:
    securedBy: [oauth_2_0: {scopes: ["vendor2"]}]
● Apply the OAuth 2.0 policy to the API in API Manager and configure it for each endpoint,
giving the policy the validate-token URL of the OAuth 2.0 provider.
● Request access to the API from Exchange, creating a client application for each vendor.
● Register each client with the Mule authorization server.
● Generate a token for the registered client.
● Call the /authors endpoint with the access token: the request succeeds.
● Call the /books endpoint with the same access token: this time the policy rejects it
with the error message "The required scopes are not authorized".
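The scope check described in the scopes section and exercised by the last two demo steps, written out in Python as an added example. It is not the deck's Mule configuration and not the code of MuleSoft's OAuth 2.0 policy: the TOKEN_STORE contents, the function names validate_token and enforce, the HTTP status codes and JSON error shapes, and the tokens tok-vendor1, tok-both and tok-expired are assumptions made for illustration. The scope names and the error message are the ones the demo uses.

```python
# Scope enforcement in front of the demo API, standing in for the OAuth 2.0 policy that
# API Manager applies to /authors and /books. Added example, not the deck's Mule
# configuration and not MuleSoft's policy code; the token store, the response shapes
# and the scope names vendor1/vendor2 are illustrative.
import time

# Required scopes per endpoint, mirroring the RAML securedBy declarations in the deck.
REQUIRED_SCOPES = {
    ("GET", "/authors"): {"vendor1"},
    ("GET", "/books"): {"vendor2"},
}

# Constructed token store standing in for the provider's validate-token endpoint:
# token -> scopes bound at issuance, the client it was issued to, and its expiry.
TOKEN_STORE = {
    "tok-vendor1": {"scope": {"vendor1"}, "client_id": "vendor1-app", "exp": time.time() + 3600},
    "tok-both": {"scope": {"vendor1", "vendor2"}, "client_id": "admin-app", "exp": time.time() + 3600},
    "tok-expired": {"scope": {"vendor1", "vendor2"}, "client_id": "old-app", "exp": time.time() - 1},
}

def validate_token(token):
    """What the policy asks the provider: is this token live, and what was it granted?
    Returns the stored record or None; scopes come from here, never from the caller."""
    rec = TOKEN_STORE.get(token)
    if rec is None or rec["exp"] <= time.time():
        return None
    return rec

def enforce(method, path, headers):
    """Decide a request the way the gateway policy does, before any flow logic runs.
    Returns (HTTP status, JSON body)."""
    required = REQUIRED_SCOPES.get((method, path))
    if required is None:
        return 404, {"error": "not_found"}
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return 401, {"error": "invalid_request", "error_description": "Bearer token required"}
    rec = validate_token(token)
    if rec is None:
        return 401, {"error": "invalid_token"}
    if not required <= rec["scope"]:  # every required scope must be present
        return 403, {"error": "insufficient_scope",
                     "error_description": "The required scopes are not authorized",
                     "required_scopes": sorted(required)}
    return 200, {"client_id": rec["client_id"], "resource": path}

def demo():
    """Reproduce the deck's two test calls, plus the cases a policy must also handle."""
    vendor1 = {"Authorization": "Bearer tok-vendor1"}
    return {
        "authors_with_vendor1": enforce("GET", "/authors", vendor1)[0],
        "books_with_vendor1": enforce("GET", "/books", vendor1),
        # A caller cannot widen its own scopes with a request header; only the store counts.
        "books_spoofed_header": enforce("GET", "/books", {**vendor1, "X-Scope": "vendor2"})[0],
        "books_with_both": enforce("GET", "/books", {"Authorization": "Bearer tok-both"})[0],
        "authors_expired": enforce("GET", "/authors", {"Authorization": "Bearer tok-expired"})[0],
        "authors_no_token": enforce("GET", "/authors", {})[0],
    }
```

The ordering of the checks matters: a missing or invalid token gets 401, a valid token that lacks a required scope gets 403 with the demo's error message, and an extra header claiming more scopes changes nothing, because the decision uses only what the provider says was granted at issuance. Where the real policy validates tokens by calling the provider's validate-token URL over the network, validate_token is the function that call replaces.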
Benefits of OAuth 2.0
1. Enhanced Security:
● Applications hold scoped, short-lived, revocable tokens instead of the user's
password, so a leaked token does far less damage than a leaked password.
2. Controlled Access:
● Users grant an app permission to only the data and actions it needs, expressed as
scopes.
3. Easy to Use:
● Users authorize access at the authorization server without sharing their login
details with the app.
4. Widely Supported:
● An IETF standard implemented by many popular services such as Google and
Facebook, and by API gateways such as MuleSoft's API Manager.
5. Flexible:
● Grant types exist for web, mobile, single-page and server-to-server
applications.
Trivia Quiz
Networking time
Thank You

Oauth 2.0 Introduction and Flows with MuleSoft

  • 1. Patna MuleSoft Meetup #29 Introduction of Oauth 2.0 and OAuth Flows
  • 2. AGENDA ● Introduction of oauth 2.0 ● Oauth 2.0 Flows ● Oauth 2.0 Components ● How Oauth 2.0 scope helps to specify what resources or actions an client application can access on behalf of the resource owner. ● Implementation ● Benefits of Oauth 2.0 ● Demo ● Trivia Quiz *
  • 4. Safe Harbour Statement ● Both the speaker and the host are organizing this meet-up in individual capacity only. We are not representing our companies here. ● This presentation is strictly for learning purposes only. Organizer/Presenter do not hold any responsibility that same solution will work for your business requirements. ● This presentation is not meant for any promotional activities.
  • 5. A recording of this meetup will be uploaded to events page within 24 hours. Questions can be submitted/asked at any time in the Chat/Questions & Answers Tab. Make it more Interactive!!! Share us the feedback! Rate this meetup session by filling feedback form at the end of the day. We Love Feedbacks !! Housekeeping
  • 6. Speakers Rupmita Kundu ● Working as Senior Engineer in Digital Engineering@Nttdata ● 5.5 Years Of experience iIT ● Certified MuleSoft Developer
  • 8. Introduction to OAUTH 2.0 OAuth 2.0, short for "Open Authorization 2.0," is an industry-standard authorization framework that enables third-party applications to access a user's data without needing the user's credentials. It allows users to grant limited access to their resources, such as photos, videos, or personal information, to other applications or websites without compromising their security.
  • 9. Oauth 2.0 Components
    1. Client Application: This is the application that wants to access the user's data, often referred to as the "client."
    2. Resource Owner: The user who owns the data that the client wants to access.
    3. Authorization Server: The server that authenticates the user and issues access tokens after the user successfully authorizes the client application.
    4. Resource Server: The server that hosts the protected resources, which the client application wants to access on behalf of the user.
    5. Authorization Grant: The credential representing the resource owner's authorization (e.g., username and password, authorization code, etc.).
    6. Access Token: A token that the client application presents to the resource server to access protected resources on behalf of the user.
    7. Scopes: The specific permissions that the client is requesting.
  • 10. Oauth 2.0 Authorization Flows
    1. Authorization Code Grant:
      ● Description: This flow is designed for web applications where the client can securely store a client secret. It involves multiple steps, including redirection of the user to the authorization server's authorization endpoint, authorization, and exchange of an authorization code for an access token.
      ● Use Case: Web applications accessing resources on behalf of a user.
    2. Implicit Grant:
      ● Description: This flow is suitable for client-side applications like single-page apps (SPAs) or mobile apps where there is no secure storage for a client secret. It returns the access token directly to the client after user authentication and authorization.
      ● Use Case: Browser-based applications or mobile apps accessing resources on behalf of a user without a backend server.
  • 11. Oauth 2.0 Authorization Flows
    3. Client Credentials Grant:
      ○ Description: This flow is used by confidential clients (those capable of maintaining the confidentiality of their client credentials, typically server-side applications) to obtain an access token using their own credentials, not on behalf of a user.
      ○ Use Case: Server-to-server communication where the client is acting on its own behalf.
    4. Resource Owner Password Credentials Grant:
      ○ Description: This flow allows a client to directly exchange the resource owner's (user's) credentials for an access token. It is considered less secure because the client needs to handle the user's credentials.
      ○ Use Case: Legacy or highly trusted applications where other flows are not feasible or practical.
  • 12. Oauth 2.0 Authorization Flows
    5. Refresh Token Grant:
      ○ Description: This flow allows a client to obtain a new access token using a refresh token, typically without requiring the user to re-authenticate. It extends the validity of access tokens.
      ○ Use Case: Long-lived sessions where access tokens need to be refreshed periodically without requiring the user to log in again.
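The token endpoint side of the authorization code, client credentials and refresh token grants described on slides 10 to 12, as an added Python sketch that is not part of the meetup deck or of the Mule OAuth 2.0 Provider. The client registry, its secret and redirect URI are constructed placeholders; the sketch also shows two details the slides only imply: an authorization code is single-use and bound to the redirect URI it was issued for, and a refresh token is consumed when it is exchanged.

```python
import secrets

# Constructed client registry (placeholder values, not real credentials).
CLIENTS = {"web-app": {"secret": "s3cret", "redirect_uri": "https://app.example/cb"}}

class AuthorizationServer:
    def __init__(self, token_ttl=300):
        self.token_ttl = token_ttl
        self.codes = {}           # authorization code -> (client_id, redirect_uri, scope)
        self.refresh_tokens = {}  # refresh token -> (client_id, scope)

    def authorize(self, client_id, redirect_uri, scope):
        """Authorization endpoint: once the resource owner consents, issue a one-time code."""
        client = CLIENTS.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise ValueError("invalid_client")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, scope)
        return code

    def _issue(self, client_id, scope, with_refresh):
        access = secrets.token_urlsafe(24)
        resp = {"access_token": access, "token_type": "Bearer",
                "expires_in": self.token_ttl, "scope": scope}
        if with_refresh:  # client_credentials gets no refresh token (RFC 6749 section 4.4.3)
            resp["refresh_token"] = secrets.token_urlsafe(24)
            self.refresh_tokens[resp["refresh_token"]] = (client_id, scope)
        return resp

    def token(self, grant_type, client_id, client_secret, **params):
        """Token endpoint: every grant first authenticates the confidential client."""
        client = CLIENTS.get(client_id)
        if client is None or client["secret"] != client_secret:
            return {"error": "invalid_client"}
        if grant_type == "authorization_code":
            # The code is single-use and bound to the client and redirect_uri it was issued for.
            entry = self.codes.pop(params.get("code"), None)
            if entry is None or entry[:2] != (client_id, params.get("redirect_uri")):
                return {"error": "invalid_grant"}
            return self._issue(client_id, entry[2], with_refresh=True)
        if grant_type == "client_credentials":
            # No resource owner involved: the client acts on its own behalf with its own scope.
            return self._issue(client_id, params.get("scope", ""), with_refresh=False)
        if grant_type == "refresh_token":
            # Rotation: the presented refresh token is consumed and a fresh pair is returned.
            entry = self.refresh_tokens.pop(params.get("refresh_token"), None)
            if entry is None or entry[0] != client_id:
                return {"error": "invalid_grant"}
            return self._issue(client_id, entry[1], with_refresh=True)
        return {"error": "unsupported_grant_type"}
```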
  • 13. How scopes help to restrict access to different resources
    OAuth 2.0 scopes provide access control to different resources within an API.
    ● When a client requests access to an API endpoint, the access token provided by OAuth 2.0 carries scopes indicating the permissions granted.
    ● When a request is made, Mule 4 automatically checks whether the access token contains the necessary scopes for the requested resource. If the required scopes are present, access is granted; otherwise, access is denied.
  • 14. Mulesoft Oauth 2.0 Provider
    ● The Mule OAuth 2.0 Provider is an OAuth 2.0 provider developed by MuleSoft.
    ● The provider allows you to configure your Mule application as an Authentication Manager in an OAuth 2.0 dance.
    ● With this role, your application can:
      ○ Authenticate previously registered clients.
      ○ Grant tokens.
      ○ Validate tokens.
      ○ Register and delete clients during the execution of a flow.
  • 15. Demo
  • 16. Configure the OAuth 2.0 Provider Module:
    ● In Anypoint Platform, go to your Mule application.
    ● Add the "OAuth 2.0 Provider" module to your project from Anypoint Exchange.
  • 17. ● Configure the module by specifying parameters such as grant types, scopes, token endpoint, client store and token store.
  • 18. ● Configure the create client, delete client and validate client endpoints.
    ● Deploy the OAuth 2.0 application to CloudHub.
  • 19. ● Add the OAuth 2.0 security scheme to the application's API specification, for example:

```raml
/authors:
  get:
    securedBy: [oauth_2_0: {scopes: ["vendor1"]}]
/books:
  get:
    securedBy: [oauth_2_0: {scopes: ["vendor2"]}]
```

    ● Apply the OAuth 2.0 policy to the application in API Manager.
  • 20. ● Configure the OAuth 2.0 policy for each endpoint. Add the validate token URL of the OAuth 2.0 provider.
  • 22. Request access to the API from Exchange.
  • 23. Create a client app for each vendor.
  • 24. ● Register the client with the Mule authorization server.
  • 25. Generate a token for the registered client.
  • 26. Test the application's /authors endpoint with the access token; it gives a successful response.
  • 27. Test the application's /books endpoint with the same access token; this time it gives the error message "The required scopes are not authorized".
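The scope check described on slide 13 and the demo outcome on slides 26 and 27, as an added Python example that is neither the deck's nor the Mule policy's code. REQUIRED_SCOPES mirrors the RAML securedBy entries from the demo; TOKEN_STORE stands in for the provider's validate-token endpoint, and every message except the quoted scope error is constructed.

```python
# Constructed required-scope table mirroring the RAML securedBy declarations from the demo.
REQUIRED_SCOPES = {
    ("GET", "/authors"): {"vendor1"},
    ("GET", "/books"): {"vendor2"},
}

# Constructed stand-in for the provider's validate-token endpoint: token -> introspection result.
# "scope" uses the space-separated string form of OAuth 2.0 token responses.
TOKEN_STORE = {
    "tok-vendor1": {"active": True, "scope": "vendor1", "client_id": "vendor1-app"},
    "tok-both": {"active": True, "scope": "vendor1 vendor2", "client_id": "partner-app"},
    "tok-expired": {"active": False, "scope": "vendor1", "client_id": "vendor1-app"},
}

SCOPE_ERROR = "The required scopes are not authorized"


def validate_token(token):
    """Ask the (simulated) OAuth 2.0 provider whether a token is active and which scopes it carries."""
    info = TOKEN_STORE.get(token)
    if info is None or not info["active"]:
        return None
    return set(info["scope"].split())


def enforce(method, path, headers):
    """Policy decision for one request, returned as (HTTP status, message)."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, "missing bearer token"
    granted = validate_token(auth[len("Bearer "):].strip())
    if granted is None:
        return 401, "invalid or expired token"
    required = REQUIRED_SCOPES.get((method.upper(), path))
    if required is None:
        # Fail closed: an endpoint with no securedBy entry is not silently open.
        return 403, "no scope policy configured for endpoint"
    if not required.issubset(granted):
        return 403, SCOPE_ERROR
    return 200, "OK"


if __name__ == "__main__":
    for token in ("tok-vendor1", "tok-both", "tok-expired"):
        for path in ("/authors", "/books"):
            print(token, path, enforce("GET", path, {"Authorization": f"Bearer {token}"}))
```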
  • 28. Benefits of Oauth 2.0
    1. Enhanced Security: ● Uses tokens instead of passwords, making it safer for users and apps.
    2. Controlled Access: ● Lets users give apps permission to only the data they need.
    3. Easy to Use: ● Users can allow access without sharing their login details.
    4. Widely Supported: ● Works with many popular services like Google and Facebook.
    5. Flexible: ● Suitable for different types of apps, from web to mobile to server-to-server.