Implementing OAUTH2 on an API
The objective of this recipe is to secure a RAML-based API using OAuth2.
Figure 1: API management
OAuth 2.0 Flow:
Figure 2: OAuth 2.0 Flow
1. The client application requests a token from the provider.
2. The provider returns a token.
3. The client application includes the token, either as an authorization header or as a query parameter, in a request to the API.
4. The OAuth 2.0 Access Token Enforcement Using External Provider policy intercepts this request and communicates with the provider to validate the token.
5. The validated token is whitelisted and kept on record until it expires. Further requests that carry this token are not validated against the OAuth provider again.
6. If the token is valid, the request is forwarded to the API.
7. The API responds to the client application.
Prerequisites
1. Anypoint Platform
a. MuleSoft Anypoint Studio
b. CloudHub
c. Anypoint API Gateway
The application could also be deployed to an on-premises environment, but this recipe uses CloudHub, MuleSoft's cloud-based integration platform, also referred to as an iPaaS (Integration Platform as a Service).
2. OAuth 2.0 Provider: Google OAuth
3. Postman for testing the API
4. An API for extracting Account information from Salesforce, already available to be consumed
The Process
High Level Steps:
1. Enabling the OAuth 2.0 provider, so that the API requires valid OAuth tokens through policies applied on the fly in Anypoint API Manager.
2. Applying the OAuth 2.0 policy to an API by specifying an OAuth 2.0 security scheme in its RAML specification and implementing it with Anypoint Studio.
3. Testing the OAuth 2.0 secured API and interacting with its OAuth-protected resources through its RAML console, using the client ID and client secret obtained through the Anypoint API Portal's application registration feature.
1. Enabling OAuth 2.0 Provider
Any OAuth provider could be used; this recipe uses Google as the OAuth provider. Below are the steps to configure Google as the OAuth provider:
A. Create a developer account at https://console.developers.google.com/ if you don't have one.
B. Log in with this developer account at https://console.developers.google.com/
C. Click "CREATE PROJECT".
D. Enter the project name “oauth2-test-provider” as shown below:
E. Click “CREATE”. Google will now create the project; this takes a minute or so.
F. Click “Credentials” in the screen that follows, as shown below:
G. Click “Create credentials”.
H. Select “OAuth client ID”.
I. Click on “Configure consent screen”.
J. Enter a value for “Product name shown to users”, e.g. “OAuthProvider_Test”, and click “Save”.
K. Select “Web Application”, enter a value in “Name”, e.g. OAuthProvider_Test, enter valid values (API URL) in “Authorised redirect URIs”, e.g. http://oauth2accountservices.eu.cloudhub.io/ and http://www.getpostman.com/oauth2/callback, and then click “Create”.
L. Copy the generated client ID and client secret and keep them safe for later use. Click OK.
M. The new credentials are created with the Client ID and Client Secret as shown below:
N. Using the Client ID and Client Secret generated in step L, form the following URL and open it in a new browser window:
Format:
https://accounts.google.com/o/oauth2/v2/auth?scope=email%20profile&redirect_uri=<Redirect URI specified in Step K>&response_type=token&client_id=<Client ID generated in Step L>
Example:
https://accounts.google.com/o/oauth2/v2/auth?scope=email%20profile&redirect_uri=http%3A%2F%2Foauth2accountservices.eu.cloudhub.io%2F&response_type=token&client_id=8972789666-e9nbi6ma8rf83n5lkljlkoejl3vg0ik1.apps.googleusercontent.com
O. Google's OAuth provider asks you to grant permissions to the client ID represented by OAuthProvider_Test, created above, and to agree to the terms of authorization. Click “Allow”.
P. The API URL opens; the OAuth 2.0 provider is now set up. Next, apply it to the actual API endpoint that needs to be secured.
2. Apply OAuth2 Policy on the API
Below are the steps to secure your API with the OAuth2 policy:
A. Sign in to Anypoint Platform at https://anypoint.mulesoft.com/login/#/signin
B. After a successful login, the following screen is displayed:
C. Click on “API Manager” (it can also be reached through the top-left menu).
D. The API administration page appears, listing all active APIs that the user is authorized to see, if there are any.
E. Search for the API to which the policy needs to be applied (e.g. AccountCreation, depicted below for demonstration).
F. Click on the version as indicated above (1.0 in this case).
G. The API administration screen is presented as shown below:
H. Click on the Policies tab that appears as you scroll down the API administration page.
I. Select “OAuth 2.0 access token enforcement using external provider” from the list of available policies and click on Apply.
J. Since the OAuth provider for this illustration is Google, enter the value “https://accounts.google.com/o/oauth2/tokeninfo” for “Access Token validation endpoint url” and click Apply (leave the value for Scopes empty).
K. The policy is added and appears in the “Applied policies” section as shown below:
3. Testing the OAuth 2.0 Secured API
Testing the OAuth-secured API is a two-step process:
A. Get the access token by passing the Client ID, Client Secret, Scope and Redirect URI configured when enabling the OAuth provider (refer to Section 1, Step L above).
Format:
https://accounts.google.com/o/oauth2/auth?client_id=<<replace with client id>>&response_type=token&scope=email&redirect_uri=https://developers.google.com/oauthplayground/
Example:
https://accounts.google.com/o/oauth2/auth?client_id=8972789666-e9nbi6ma8rf83n5lkljlkoejl3vg0ik1.apps.googleusercontent.com&response_type=token&scope=email&redirect_uri=https://developers.google.com/oauthplayground/
This returns the access token required to authenticate with the API.
B. Pass the token obtained in Step A as a query parameter to the API service URL, as below:
e.g.
http://oauth2-account-services-api.eu.cloudhub.io/CreateAccount?access_token=ya29.Ci-BA0Dgay-GEVsuiIRDfgp6Zelz_XqcMEaJqi82LHevcmi0jgmM8RTsNZPKWIKxdw
This two-step process can be combined into one step using Postman, as below:
A. Open Postman.
B. Go to the Authorization tab, select Type as OAuth 2.0 and click on “Get New Access Token”.
C. Provide all the details as shown below, along with the Client ID and Client Secret generated in Section 1, Step L above.
NOTE: The Callback URL of Postman shown in this screenshot must be configured as an Authorized Redirect URI when configuring the project (shown in Step L), which we already did.
D. Click on “Request Token”. This generates the access_token as shown below. Change “Add token to” from ‘Header’ to ‘Query Parameter’, so that the access token is appended to the URL as a query parameter, and click “Use Token”.
NOTE: Keep ‘Add token to’ as is if you want to pass the token in the header.
E. Trigger a POST request with the URL “http://oauth2-account-services-api.eu.cloudhub.io/CreateAccount” and a JSON request body as shown below. A valid API response should be shown in the Body tab of the Response section.
Anticipated Issues
1. If an invalid access_token is passed, the error response “invalid_token” is shown. Validate and confirm that the right access_token is used.
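As an added illustration (not MuleSoft's code or the page's own), the following Python models what the policy does in steps 3 to 6 of the flow above, together with the “invalid_token” rejection described under Anticipated Issues, and builds the Step N authorization URL with proper encoding. The call to Google's tokeninfo endpoint is replaced by an in-memory stand-in with constructed tokens; the client ID 1234.apps.googleusercontent.com, the tokeninfo response field names and the audience/scope checks are assumptions made for the example.

```python
import time
from urllib.parse import urlencode, parse_qs

# Endpoints named on the page: Google's authorization endpoint (Step N) and the
# tokeninfo endpoint configured in the policy (Section 2, Step J).
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
TOKENINFO_ENDPOINT = "https://accounts.google.com/o/oauth2/tokeninfo"


def build_auth_url(client_id, redirect_uri, scope="email profile"):
    """Step N / Section 3 Step A: build the implicit-grant authorization URL,
    letting urlencode percent-encode redirect_uri instead of doing it by hand."""
    params = {"scope": scope, "redirect_uri": redirect_uri,
              "response_type": "token", "client_id": client_id}
    return AUTH_ENDPOINT + "?" + urlencode(params)


# Constructed stand-in for the provider's view of issued tokens. The field
# names mirror what Google's tokeninfo endpoint returns (assumed shape).
FAKE_TOKENINFO = {
    "tok-good": {"audience": "1234.apps.googleusercontent.com",
                 "scope": "email profile", "expires_in": 3600},
    "tok-narrow": {"audience": "1234.apps.googleusercontent.com",
                   "scope": "email", "expires_in": 3600},
    "tok-foreign": {"audience": "9999.apps.googleusercontent.com",
                    "scope": "email profile", "expires_in": 3600},
}


def fake_tokeninfo(token):
    """Offline stand-in for GET TOKENINFO_ENDPOINT?access_token=<token>.
    Returns (http_status, json_body); a rejected token gets a 400 (assumed)."""
    info = FAKE_TOKENINFO.get(token)
    if info is None:
        return 400, {"error": "invalid_token", "error_description": "Invalid Value"}
    return 200, dict(info)


class TokenEnforcementPolicy:
    """Steps 3-6 of the flow: extract the token, validate it with the provider,
    whitelist it until it expires, then forward or reject the request."""

    def __init__(self, introspect, expected_audience, required_scopes=(),
                 clock=time.time):
        self.introspect = introspect            # e.g. fake_tokeninfo above
        self.expected_audience = expected_audience
        self.required_scopes = set(required_scopes)
        self.clock = clock
        self.whitelist = {}                     # token -> absolute expiry (step 5)
        self.provider_calls = 0                 # round trips to the provider

    @staticmethod
    def extract_token(headers, query_string):
        """Step 3: the token arrives as a bearer Authorization header or as the
        access_token query parameter."""
        auth = headers.get("Authorization", "")
        if auth.startswith("Bearer "):
            return auth[len("Bearer "):].strip() or None
        return parse_qs(query_string).get("access_token", [None])[0]

    def validate(self, token):
        """Steps 4-5. Returns (accepted, reason)."""
        if token is None:
            return False, "invalid_token"
        now = self.clock()
        expiry = self.whitelist.get(token)
        if expiry is not None and expiry > now:
            return True, "cached"               # step 5: no provider round trip
        self.whitelist.pop(token, None)         # expired entry, re-validate
        self.provider_calls += 1
        status, body = self.introspect(token)
        if status != 200:
            return False, "invalid_token"       # the error in Anticipated Issues
        # Checks a defender wants beyond a bare 200: the token must have been
        # issued to this API's client (audience) and carry the configured scopes.
        if body.get("audience") != self.expected_audience:
            return False, "invalid_token"
        if not self.required_scopes <= set(body.get("scope", "").split()):
            return False, "insufficient_scope"
        self.whitelist[token] = now + int(body["expires_in"])
        return True, "validated"

    def handle(self, headers, query_string):
        """Steps 4-7: the status and body the client application receives."""
        accepted, reason = self.validate(self.extract_token(headers, query_string))
        if accepted:
            return 200, {"status": "forwarded to API"}
        return (403 if reason == "insufficient_scope" else 401), {"error": reason}


if __name__ == "__main__":
    policy = TokenEnforcementPolicy(fake_tokeninfo, "1234.apps.googleusercontent.com")
    print(build_auth_url("1234.apps.googleusercontent.com",
                         "http://oauth2accountservices.eu.cloudhub.io/"))
    print(policy.handle({"Authorization": "Bearer tok-good"}, ""))
    print(policy.handle({}, "access_token=bogus"))
```

The second request with the same token is served from the whitelist without a provider call, which is the caching behaviour step 5 describes; the audience check is what stops a token issued to a different Google client from being accepted.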
References
1. https://docs.mulesoft.com/anypoint-platform-for-apis/building-an-external-
oauth-2.0-provider-application

More Related Content

What's hot

Creating a mule project with raml and api
Creating a mule project with raml and apiCreating a mule project with raml and api
Creating a mule project with raml and apiBhargav Ranjit
 
JUnit and MUnit Set Up In Anypoint Studio
JUnit and MUnit Set Up In Anypoint StudioJUnit and MUnit Set Up In Anypoint Studio
JUnit and MUnit Set Up In Anypoint StudioSudha Ch
 
Team project app
Team project appTeam project app
Team project appDineshisaac
 
Mule environments
Mule environmentsMule environments
Mule environmentsSon Nguyen
 
What’s new task due date, active guest users, and more enhancements released
What’s new  task due date, active guest users, and more enhancements releasedWhat’s new  task due date, active guest users, and more enhancements released
What’s new task due date, active guest users, and more enhancements releasedOrangescrum
 
Eclipse 2.5 Subversion Plugin Installation
Eclipse 2.5 Subversion Plugin InstallationEclipse 2.5 Subversion Plugin Installation
Eclipse 2.5 Subversion Plugin InstallationSandeepSeshan
 
Firebase crashlytics integration in iOS swift (dSYM File Required Problem Res...
Firebase crashlytics integration in iOS swift (dSYM File Required Problem Res...Firebase crashlytics integration in iOS swift (dSYM File Required Problem Res...
Firebase crashlytics integration in iOS swift (dSYM File Required Problem Res...InnovationM
 
Mule deploying a cloud hub application
Mule deploying a cloud hub applicationMule deploying a cloud hub application
Mule deploying a cloud hub applicationD.Rajesh Kumar
 
How to build ios app
How to build ios appHow to build ios app
How to build ios appNishant Raj
 
Web application development process
Web application development processWeb application development process
Web application development processJohn Smith
 
Mule deploying a cloud hub application
Mule deploying a cloud hub applicationMule deploying a cloud hub application
Mule deploying a cloud hub applicationcharan teja R
 
DotNet Cologne 2015 - Windows 10 AppDev, Teil2: Coole APIs - (Daniel Meixner)
DotNet Cologne 2015 - Windows 10 AppDev, Teil2: Coole APIs - (Daniel Meixner)DotNet Cologne 2015 - Windows 10 AppDev, Teil2: Coole APIs - (Daniel Meixner)
DotNet Cologne 2015 - Windows 10 AppDev, Teil2: Coole APIs - (Daniel Meixner)Daniel Meixner
 
How to commit a project in svn using svn plugin in anypointstudio
How to commit a project in svn using svn plugin in anypointstudioHow to commit a project in svn using svn plugin in anypointstudio
How to commit a project in svn using svn plugin in anypointstudiojaveed_mhd
 

What's hot (17)

Creating a mule project with raml and api
Creating a mule project with raml and apiCreating a mule project with raml and api
Creating a mule project with raml and api
 
JUnit and MUnit Set Up In Anypoint Studio
JUnit and MUnit Set Up In Anypoint StudioJUnit and MUnit Set Up In Anypoint Studio
JUnit and MUnit Set Up In Anypoint Studio
 
Google app engine
Google app engineGoogle app engine
Google app engine
 
Team project app
Team project appTeam project app
Team project app
 
Mule environments
Mule environmentsMule environments
Mule environments
 
What’s new task due date, active guest users, and more enhancements released
What’s new  task due date, active guest users, and more enhancements releasedWhat’s new  task due date, active guest users, and more enhancements released
What’s new task due date, active guest users, and more enhancements released
 
Eclipse 2.5 Subversion Plugin Installation
Eclipse 2.5 Subversion Plugin InstallationEclipse 2.5 Subversion Plugin Installation
Eclipse 2.5 Subversion Plugin Installation
 
Firebase crashlytics integration in iOS swift (dSYM File Required Problem Res...
Firebase crashlytics integration in iOS swift (dSYM File Required Problem Res...Firebase crashlytics integration in iOS swift (dSYM File Required Problem Res...
Firebase crashlytics integration in iOS swift (dSYM File Required Problem Res...
 
Mule Integration with Dropbox
Mule Integration with DropboxMule Integration with Dropbox
Mule Integration with Dropbox
 
Mule deploying a cloud hub application
Mule deploying a cloud hub applicationMule deploying a cloud hub application
Mule deploying a cloud hub application
 
How to build ios app
How to build ios appHow to build ios app
How to build ios app
 
Web application development process
Web application development processWeb application development process
Web application development process
 
Admin Panel
Admin Panel Admin Panel
Admin Panel
 
Mule deploying a cloud hub application
Mule deploying a cloud hub applicationMule deploying a cloud hub application
Mule deploying a cloud hub application
 
Mule maven
Mule mavenMule maven
Mule maven
 
DotNet Cologne 2015 - Windows 10 AppDev, Teil2: Coole APIs - (Daniel Meixner)
DotNet Cologne 2015 - Windows 10 AppDev, Teil2: Coole APIs - (Daniel Meixner)DotNet Cologne 2015 - Windows 10 AppDev, Teil2: Coole APIs - (Daniel Meixner)
DotNet Cologne 2015 - Windows 10 AppDev, Teil2: Coole APIs - (Daniel Meixner)
 
How to commit a project in svn using svn plugin in anypointstudio
How to commit a project in svn using svn plugin in anypointstudioHow to commit a project in svn using svn plugin in anypointstudio
How to commit a project in svn using svn plugin in anypointstudio
 

Similar to Securing api with_o_auth2

OAuth 2.0
OAuth 2.0 OAuth 2.0
OAuth 2.0 marcwan
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedCalvin Noronha
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTMobiliya
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTGaurav Roy
 
Protecting your APIs with OAuth 2.0
Protecting your APIs with OAuth 2.0Protecting your APIs with OAuth 2.0
Protecting your APIs with OAuth 2.0Ubisecure
 
Setting up organization with api access
Setting up organization with api accessSetting up organization with api access
Setting up organization with api accesssivachandra mandalapu
 
Oauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 supportOauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 supportGaurav Sharma
 
OAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring SecurityOAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring SecurityNexThoughts Technologies
 
Google external login setup in ASP (1).pdf
Google external login setup in ASP  (1).pdfGoogle external login setup in ASP  (1).pdf
Google external login setup in ASP (1).pdffindandsolve .com
 
Oauth 2.0 security
Oauth 2.0 securityOauth 2.0 security
Oauth 2.0 securityvinoth kumar
 
Integrating Okta with Anypoint Platform for a mobile security use case
Integrating Okta with Anypoint Platform for a mobile security use caseIntegrating Okta with Anypoint Platform for a mobile security use case
Integrating Okta with Anypoint Platform for a mobile security use caseBahman Kalali
 
Microsoft Graph API Delegated Permissions
Microsoft Graph API Delegated PermissionsMicrosoft Graph API Delegated Permissions
Microsoft Graph API Delegated PermissionsStefan Weber
 
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak  - WalkingTree ...A Detailed Guide to Securing React applications with Keycloak  - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...Ganesh Kumar
 
apidays Paris 2022 - Securing APIs in Open Banking, Takashi Norimatsu, Hitachi
apidays Paris 2022 - Securing APIs in Open Banking, Takashi Norimatsu, Hitachiapidays Paris 2022 - Securing APIs in Open Banking, Takashi Norimatsu, Hitachi
apidays Paris 2022 - Securing APIs in Open Banking, Takashi Norimatsu, Hitachiapidays
 
OAuth2 Introduction
OAuth2 IntroductionOAuth2 Introduction
OAuth2 IntroductionArpit Suthar
 
Microservice security with spring security 5.1,Oauth 2.0 and open id connect
Microservice security with spring security 5.1,Oauth 2.0 and open id connect Microservice security with spring security 5.1,Oauth 2.0 and open id connect
Microservice security with spring security 5.1,Oauth 2.0 and open id connect Nilanjan Roy
 
Applying OAuth on RingCentral API (part 3)
Applying OAuth on RingCentral API (part 3)Applying OAuth on RingCentral API (part 3)
Applying OAuth on RingCentral API (part 3)Anirban Sen Chowdhary
 

Similar to Securing api with_o_auth2 (20)

OAuth 2.0
OAuth 2.0 OAuth 2.0
OAuth 2.0
 
OAuth with Salesforce - Demystified
OAuth with Salesforce - DemystifiedOAuth with Salesforce - Demystified
OAuth with Salesforce - Demystified
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWT
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWT
 
Protecting your APIs with OAuth 2.0
Protecting your APIs with OAuth 2.0Protecting your APIs with OAuth 2.0
Protecting your APIs with OAuth 2.0
 
Setting up organization with api access
Setting up organization with api accessSetting up organization with api access
Setting up organization with api access
 
Introduction to OAuth2
Introduction to OAuth2Introduction to OAuth2
Introduction to OAuth2
 
Oauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 supportOauth2 and OWSM OAuth2 support
Oauth2 and OWSM OAuth2 support
 
OAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring SecurityOAuth2 Protocol with Grails Spring Security
OAuth2 Protocol with Grails Spring Security
 
OAuth and Open-id
OAuth and Open-idOAuth and Open-id
OAuth and Open-id
 
Google external login setup in ASP (1).pdf
Google external login setup in ASP  (1).pdfGoogle external login setup in ASP  (1).pdf
Google external login setup in ASP (1).pdf
 
Oauth 2.0 security
Oauth 2.0 securityOauth 2.0 security
Oauth 2.0 security
 
Integrating Okta with Anypoint Platform for a mobile security use case
Integrating Okta with Anypoint Platform for a mobile security use caseIntegrating Okta with Anypoint Platform for a mobile security use case
Integrating Okta with Anypoint Platform for a mobile security use case
 
Microsoft Graph API Delegated Permissions
Microsoft Graph API Delegated PermissionsMicrosoft Graph API Delegated Permissions
Microsoft Graph API Delegated Permissions
 
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak  - WalkingTree ...A Detailed Guide to Securing React applications with Keycloak  - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0
 
apidays Paris 2022 - Securing APIs in Open Banking, Takashi Norimatsu, Hitachi
apidays Paris 2022 - Securing APIs in Open Banking, Takashi Norimatsu, Hitachiapidays Paris 2022 - Securing APIs in Open Banking, Takashi Norimatsu, Hitachi
apidays Paris 2022 - Securing APIs in Open Banking, Takashi Norimatsu, Hitachi
 
OAuth2 Introduction
OAuth2 IntroductionOAuth2 Introduction
OAuth2 Introduction
 
Microservice security with spring security 5.1,Oauth 2.0 and open id connect
Microservice security with spring security 5.1,Oauth 2.0 and open id connect Microservice security with spring security 5.1,Oauth 2.0 and open id connect
Microservice security with spring security 5.1,Oauth 2.0 and open id connect
 
Applying OAuth on RingCentral API (part 3)
Applying OAuth on RingCentral API (part 3)Applying OAuth on RingCentral API (part 3)
Applying OAuth on RingCentral API (part 3)
 

More from sivachandra mandalapu (20)

Mock component in munit
Mock component in munitMock component in munit
Mock component in munit
 
Jms selector
Jms selectorJms selector
Jms selector
 
Sftplite
SftpliteSftplite
Sftplite
 
Object store
Object storeObject store
Object store
 
How to use SFTP
How to use SFTPHow to use SFTP
How to use SFTP
 
How to use secure property placeholder
How to use secure property placeholderHow to use secure property placeholder
How to use secure property placeholder
 
Specifying a default exception strategy
Specifying a default exception strategySpecifying a default exception strategy
Specifying a default exception strategy
 
Defining global exception strategies
Defining global exception strategiesDefining global exception strategies
Defining global exception strategies
 
Reference exception strategy
Reference exception strategyReference exception strategy
Reference exception strategy
 
Validate json schema
Validate json schemaValidate json schema
Validate json schema
 
Validation
ValidationValidation
Validation
 
Property place holder
Property place holderProperty place holder
Property place holder
 
Collection aggregator
Collection aggregatorCollection aggregator
Collection aggregator
 
API gateway setup
API gateway setupAPI gateway setup
API gateway setup
 
Splitter
SplitterSplitter
Splitter
 
Expression
ExpressionExpression
Expression
 
Bean as Datasource
Bean as DatasourceBean as Datasource
Bean as Datasource
 
Synchronous communication using jms back channel
Synchronous communication using jms back channelSynchronous communication using jms back channel
Synchronous communication using jms back channel
 
Sap
SapSap
Sap
 
Salesforce
SalesforceSalesforce
Salesforce
 

Recently uploaded

Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docxPoojaSen20
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Recently uploaded (20)

Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docx
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 

Securing api with_o_auth2

  • 1. Implementing OAUTH2 on an API The objective of this recipe is to secure a RAML based API using OAuth2. Figure 1: API management
  • 2. OAuth 2.0 Flow: Figure 2: OAuth 2.0 Flow 1. The client application requests a token from the provider. 2. The provider returns a token. 3. The client application includes the token either as an authentication header or a query parameter in a request to the API. 4. The OAuth 2.0 Access Token Enforcement Using External Provider Policy intercepts this request and communicates with the provider to validate the token. 5. The validated token is whitelisted and kept on record until expiration. Any further requests that contain this token are not validated against the OAuth provider. 6. If the token is valid, the request is forwarded to the API. 7. The API responds to the client application.
  • 3. Pre requisites 1. Anypoint Platform a. MuleSoft Anypoint Studio b. CloudHub c. Anypoint API Gateway The application could be deployed to an on premise environment as well, but for this recipe the cloud-based MuleSoft integration platform CloudHub, also called as iPaaS (Integration Platform as a Service) would be used. 2. OAuth 2.0 Provider - Google OAuth 3. Postman for testing the API 4. An API for extracting Account information from Salesforce is already available to be consumed The Process High Level Steps: 1. Enabling OAuth 2.0 Provider to ensure that the API requires valid OAuth tokens through the simple application of policies on-the fly using Anypoint API Manager 2. Applying OAuth 2.0 Policy on an API by specifying an OAuth 2.0 security scheme in its RAML specification and implementing it with Anypoint Studio. 3. Testing OAuth 2.0 Secured API and interacting with the API’s OAuth protected resources through its RAML console with client ID and client secrets that can be obtained through the Anypoint API Portal’s application registration feature
  • 4. 1. Enabling OAuth 2.0 Provider Any OAuth provider could be used, but for this case using Google OAuth Provider. Below are the steps to configure Google as OAuth provider: A. Create a developer account at https://console.developers.google.com/, if you don’t have one. B. Login with this developer account at https://console.developers.google.com/ C. Click "CREATE PROJECT". D. Enter the project name “oauth2-test-provider” as shown below:
  • 5. E. Click “CREATE”. Google will now create the project and this will take a minute or so. F. Click “Credentials” in the screen that follows as shown below: G. Click “Create credentials”
  • 6. H. Select “OAuth client ID”
  • 7. I. Click on “Configure consent screen” J. Enter a value for “Product name shown to users” e.g. “OAuthProvider_Test” and click “Save”
  • 8. K. Select “Web Application”, enter a value in “Name” e.g. OAuthProvider_Test, enter valid value (API URL) in “Authorised redirect URIs” e.g. http://oauth2accountservices.eu.cloudhub.io/, http://www.getpostman.com/aouth2/callback and then click “Create”.
L. Copy the generated client ID and client secret and keep them safe to be used later. Click OK.
M. The new credentials are created with the Client ID and Client Secret as shown below:
N. Using the Client ID and Client Secret that were generated above in step L, form the following URL and open it in a new browser window:
Format:
https://accounts.google.com/o/oauth2/v2/auth?scope=email%20profile&redirect_uri=<Redirect URI specified in Step K>&response_type=token&client_id=<Client ID generated in Step L>
Example:
https://accounts.google.com/o/oauth2/v2/auth?scope=email%20profile&redirect_uri=http%3A%2F%2Foauth2accountservices.eu.cloudhub.io%2F&response_type=token&client_id=8972789666-e9nbi6ma8rf83n5lkljlkoejl3vg0ik1.apps.googleusercontent.com
O. Google OAuth Provider asks you to grant permissions to the client ID represented by OAuthProvider_Test, created above, and to agree to the terms of authorization. Click “Allow”.
P. The API URL opens and the OAuth 2.0 Provider is now set up. Next, apply this to the actual API endpoint which needs to be secured.
2. Apply OAuth2 Policy on the API
Below are the steps to secure your API using the OAuth2 policy:
A. Sign in to Anypoint Platform at https://anypoint.mulesoft.com/login/#/signin
B. After a successful login, the following screen is displayed:
C. Click on “API Manager” (it can also be reached through the top left menu)
D. The API administration page appears, listing all active APIs that the user is authorized to see, if there are any.
E. Search for the API to which the policy needs to be applied (e.g. AccountCreation, depicted below for demonstration).
F. Click on the version as indicated above (1.0 in this case)
G. The API administration screen is presented as shown below:
H. Click on the Policies tab that appears as you scroll down the API administration page.
I. Select “OAuth 2.0 access token enforcement using external provider” from the list of available policies and click on Apply.
J. Since the OAuth provider for this illustration is Google, enter the value “https://accounts.google.com/o/oauth2/tokeninfo” for “Access Token validation endpoint url” and click Apply (leave the value for Scopes empty)
K. The policy is added and it appears in the “Applied policies” section as shown below:
3. Testing the OAuth 2.0 Secured API
Testing the OAuth secured API is a two-step process:
A. Get the access token by passing the Client ID, Client Secret, Scope and Redirect URI which were configured when enabling the OAuth Provider (refer to Section 1 and Step L above)
Format:
https://accounts.google.com/o/oauth2/auth?client_id=<<replace with client id>>&response_type=token&scope=email&redirect_uri=https://developers.google.com/oauthplayground/
Example:
https://accounts.google.com/o/oauth2/auth?client_id=8972789666-e9nbi6ma8rf83n5lkljlkoejl3vg0ik1.apps.googleusercontent.com&response_type=token&scope=email&redirect_uri=https://developers.google.com/oauthplayground/
This generates the access token required for authenticating with the API.
B. Pass the token obtained from Step A above as a query parameter to the API service URL, e.g.
http://oauth2-account-services-api.eu.cloudhub.io/CreateAccount?access_token=ya29.Ci-BA0Dgay-GEVsuiIRDfgp6Zelz_XqcMEaJqi82LHevcmi0jgmM8RTsNZPKWIKxdw
This two-step process can be combined and achieved in one step using Postman as below:
A. Open Postman.
B. Go to the Authorization tab, select Type as OAuth 2.0 and click on “Get New Access Token”.
C. Provide all the details as shown below along with the Client ID and Client Secret generated in Section 1 and Step L above.
NOTE: The Callback URL of Postman shown in this screenshot should be configured as an Authorized Redirect URI while configuring the project (shown in Step L), which we already did.
D. Click on “Request Token”. This generates the access_token as shown below. Change “Add token to” from ‘Header’ to ‘Query Parameter’ so that the access token is appended to the URL as a query parameter, and click “Use Token”.
NOTE: Keep ‘Add token to’ as is if you want to pass the token in the header.
E. Trigger a POST request with the URL “http://oauth2-account-services-api.eu.cloudhub.io/CreateAccount” and a JSON request body as shown below. A valid API response should be shown in the Body tab of the Response section.
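The authorization URL built in Step N and Section 3 Step A, the token returned in the redirect fragment, and the two ways of attaching it to the CreateAccount call (query parameter in Step B, header in Postman Step D), as an added Python example that is not code from the recipe. It assumes only the client ID, redirect URI and API URL printed in the recipe.

```python
"""Added example, not code from the recipe: build the implicit-flow
authorization URL of Step N / Section 3 Step A, pull the access token out
of the redirect fragment, and attach it to the API call as in Step 3B and
Postman Step D. Client ID, redirect URI and API URL are the recipe's values."""
from urllib.parse import urlencode, quote, urlsplit, parse_qs

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
CLIENT_ID = "8972789666-e9nbi6ma8rf83n5lkljlkoejl3vg0ik1.apps.googleusercontent.com"
REDIRECT_URI = "http://oauth2accountservices.eu.cloudhub.io/"
API_URL = "http://oauth2-account-services-api.eu.cloudhub.io/CreateAccount"


def build_auth_url(client_id, redirect_uri, scopes=("email", "profile")):
    """quote (not quote_plus) gives the %20 and %3A%2F%2F encoding the
    recipe shows; redirect_uri must exactly match a URI registered in Step K."""
    params = {
        "scope": " ".join(scopes),
        "redirect_uri": redirect_uri,
        "response_type": "token",  # implicit flow: token comes back in the fragment
        "client_id": client_id,
    }
    return AUTH_ENDPOINT + "?" + urlencode(params, quote_via=quote)


def token_from_redirect(redirected_url):
    """Google appends '#access_token=...&expires_in=...' to the redirect URI.
    Returns (access_token, expires_in seconds); raises on an error redirect."""
    fields = parse_qs(urlsplit(redirected_url).fragment)
    if "access_token" not in fields:
        raise ValueError(fields.get("error", ["no access_token in fragment"])[0])
    return fields["access_token"][0], int(fields.get("expires_in", ["0"])[0])


def api_request(token, in_header=True):
    """Return (url, headers) for the CreateAccount call. Step 3B puts the
    token in the query string; Postman's default sends it as a Bearer header."""
    if in_header:
        return API_URL, {"Authorization": "Bearer " + token}
    return API_URL + "?" + urlencode({"access_token": token}), {}
```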
Anticipated Issues
1. If an invalid access_token is passed, the error response “invalid_token” is shown. Validate and confirm that the correct access_token is being used.
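The decision the gateway takes behind the policy applied in Step J (validate against the tokeninfo endpoint, whitelist the token until it expires, reject with invalid_token otherwise), as an added Python example that is not the MuleSoft policy's own code. The provider response is passed in as parsed JSON; the field names audience, scope and expires_in are assumed, and the audience check is an addition beyond the recipe.

```python
"""Added example, not the MuleSoft policy's own code: the decision logic
behind the 'OAuth 2.0 access token enforcement using external provider'
policy from Step J, including the whitelist-until-expiry behaviour. The
provider response is passed in as parsed JSON; field names 'audience',
'scope' and 'expires_in' are assumed, and the audience check is an addition."""
import time

TOKENINFO_URL = "https://accounts.google.com/o/oauth2/tokeninfo"  # Step J value


class TokenEnforcer:
    def __init__(self, expected_client_id, required_scopes=(), clock=time.time):
        self.client_id = expected_client_id
        self.required_scopes = set(required_scopes)  # empty in the recipe
        self.clock = clock
        self._valid_until = {}  # token -> epoch seconds; the whitelist

    def check(self, token, fetch_tokeninfo):
        """Return (allowed, reason). fetch_tokeninfo(token) must return
        (http_status, parsed_json) for GET TOKENINFO_URL?access_token=..."""
        now = self.clock()
        expiry = self._valid_until.get(token)
        if expiry is not None and now < expiry:
            return True, "cached"  # no round trip to the provider
        self._valid_until.pop(token, None)  # expired: revalidate
        status, info = fetch_tokeninfo(token)
        if status != 200 or "error" in info:
            return False, info.get("error", "invalid_token")
        if info.get("audience") != self.client_id:
            return False, "audience_mismatch"  # token minted for another app
        if not self.required_scopes <= set(info.get("scope", "").split()):
            return False, "insufficient_scope"
        ttl = int(info.get("expires_in", 0))
        if ttl <= 0:
            return False, "expired"
        self._valid_until[token] = now + ttl
        return True, "validated"


# Constructed stand-in for Google's tokeninfo endpoint: one known-good token.
GOOD_TOKEN = "ya29.CONSTRUCTED-GOOD-TOKEN"
SAMPLE_INFO = {"audience": "8972789666-e9nbi6ma8rf83n5lkljlkoejl3vg0ik1.apps.googleusercontent.com",
               "scope": "email profile", "expires_in": 3599}


def fake_tokeninfo(token):
    if token == GOOD_TOKEN:
        return 200, dict(SAMPLE_INFO)
    return 400, {"error": "invalid_token"}  # the error seen in Anticipated Issues
```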