Step-by-step OAuth2 configuration in HTTP Connector

June 15 2016


In this blog post, I’d like to show you a step-by-step guide on how to set up an OAuth2 configuration using the HTTP Connector in Studio 6.0. I will use the GitHub RAML using the OAuth2 configuration to get a list of emojis supported by GitHub. You can also follow this example to set your OAuth2 configuration using the HTTP Connector for different RAMLs or APIs.

Step 1 – Create a simple Mule flow in Studio

Note: You can use the same HTTP Connector for both the HTTP Listener and the HTTP Request.

Step 2 – Configure the HTTP Listener

When you click on HTTP Listener (the first HTTP) and click on + in the panel, you will see the HTTP Listener Configuration.


For this demo, I will make my Mule app listen to localhost:8081/.


Step 3 – Get the GitHub RAML from Anypoint Exchange

When you click on HTTP Request (the second HTTP in the flow), click on + in the panel, and you will see the HTTP Request Configuration.


Click on “Search RAML in Exchange” to get the GitHub RAML from the Exchange.


Step 4 – Configure OAuth2

When you click on the “Authentication” tab in the HTTP Request Configuration, you will see that some fields, such as Authorization Url, Scopes, and Token Url, are automatically filled out from the GitHub RAML. Make sure that the following six fields are filled out in the OAuth2 configuration: Client Id, Client Secret, Redirection (Callback) URL, Local Authorization Url, Access Token and Refresh Token.


  • Find Client Id, Client Secret and Redirection (Callback) URL from GitHub. You can find this information in Settings -> OAuth applications -> Developer applications in GitHub.
  • Pick a local authorization URL. The local authorization URL will be used to initiate the “OAuth2 dance”.
  • Write an MEL expression to extract an access token and a refresh token. GitHub doesn’t return a refresh token, so I will use the same expression for both the access token and the refresh token: #[payload.'access_token']. However, since the format of the response to this request to the token URL is not defined in the OAuth spec, each service could return a different response format.

After you complete Step 4, your Authentication Configuration should look like the image below.


Step 5 – Select “emojis” in Path

Since “emojis” doesn’t require any parameters, you can remove the following parameters in the header.


Step 6 – Get a list of the emojis that GitHub supports

After running the Mule app, initiate an “OAuth2 dance” by hitting the local authorization URL (http://localhost:8082/login) specified in the HTTP Request Configuration. Once an access token is created, you can receive a list of the emojis GitHub supports by hitting http://localhost:8081/github.
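
The configuration that Steps 1 to 6 build in the Studio panels, written out as Mule 3.x XML. This is an added example, not the author's project file: the flow name and the `${github.client.id}` / `${github.client.secret}` property names are hypothetical, the callback URL and the protocol, host and port are the ones reported in the comments below, the authorization and token URLs are GitHub's OAuth endpoints (the fields the post says are filled in from the RAML), and the RAML reference itself is omitted.

```xml
<!-- Added example, constructed from the values in this post. Place inside the
     <mule> root element that Studio generates for the project. -->

<!-- Step 2: listener on localhost:8081 -->
<http:listener-config name="HTTP_Listener_Configuration" host="localhost" port="8081"/>

<!-- Steps 3 and 4: request configuration for the GitHub API with OAuth2 -->
<http:request-config name="HTTP_Request_Configuration"
                     protocol="HTTPS" host="api.github.com" port="443">
    <http:authentication>
        <!-- Hypothetical property names: keep the client id and secret in a
             properties file outside version control, not as literals here.
             redirectionUrl must equal the "Authorization callback URL"
             registered for the OAuth application on GitHub. -->
        <oauth2:authorization-code-grant-type
                clientId="${github.client.id}"
                clientSecret="${github.client.secret}"
                redirectionUrl="http://localhost:8082/callback">
            <!-- Browsing to localAuthorizationUrl starts the OAuth2 dance. -->
            <oauth2:authorization-request
                    authorizationUrl="https://github.com/login/oauth/authorize"
                    localAuthorizationUrl="http://localhost:8082/login"/>
            <oauth2:token-request tokenUrl="https://github.com/login/oauth/access_token">
                <!-- GitHub returns no refresh token, so both expressions
                     read access_token, as in Step 4. -->
                <oauth2:token-response
                        accessToken="#[payload.'access_token']"
                        refreshToken="#[payload.'access_token']"/>
            </oauth2:token-request>
        </oauth2:authorization-code-grant-type>
    </http:authentication>
</http:request-config>

<!-- Steps 1, 5 and 6: GET localhost:8081/github calls GET /emojis on GitHub -->
<flow name="githubEmojisFlow">
    <http:listener config-ref="HTTP_Listener_Configuration" path="/github"/>
    <http:request config-ref="HTTP_Request_Configuration" path="/emojis" method="GET"/>
</flow>
```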


For new users, try the above example to get started, and for others, please share with us which RAMLs or endpoints you are connecting with HTTP Request.

 

 



18 Responses to “Step-by-step OAuth2 configuration in HTTP Connector”

  1. Hi,
    “Find Client Id, Client Secret and Redirection (Callback) URL from GitHub. You can find this information in Settings -> OAuth applications -> Developer applications in GitHub.” I am not able to find these attributes. How do I get these from GitHub? Can you please advise on how to navigate in GitHub to those details?
    When I clicked on the RAML location from Anypoint studio 6.1, it has populated https://anypoint.mulesoft.com/apiplatform/repository/public/organizations/52560d3f-c37a-409d-9887-79e0a9a9ecff/apis/7782/versions/7918/files/root.

    • Satish,

      Glad to know that you are trying out this demo application. After you log into GitHub (if you don’t have an account, you can create a free account), go to “Settings” -> scroll down to “Developer Settings” -> you will find “OAuth Applications”. In “OAuth Applications”, you need to create a new application by clicking on “Register a new application,” and fill out the necessary information including “Authorization callback URL” (i.e. localhost:8082/callback). Once you create the new application on GitHub, you will find Client ID and Client Secret.

      Thanks,
      Nathan

      • Thank you Nathan Nam. It works.

        • Hi Nathan Nam.
          Actually when I had set up and clicked on http://localhost:8082/login, getting the following details back.

          <head prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb# object:
          ……

          However when I clicked on http://localhost:8081/github,
          getting
          "No access token for the default user. Verify that you have authenticated the user before trying to execute an operation to the API. (org.mule.module.oauth2.api.RequestAuthenticationException).".
          How to check if access token is created?
          Thank you for your help.

          • Satish,

            Can you make sure what you put in “Access Token” and “Refresh Token” in the HTTP Request Configuration is the same as what I put in this post?

            Thanks,
            Nathan

          • Nathan, yes, Access Token and Refresh Token are the same as mentioned. Also noticed scopes is empty in my case. Where did you extract those values? Thank you.

          • Satish,

            When you hit localhost:8082/login, did you see the OAuth Screen from GitHub?

          • Hi Nathan,
            When I click the link localhost:8082/login in the browser (not Postman), I can see the GitHub login page for the OAuth application. When I entered my id/pw, I get the following.

            No listener for endpoint: /callback?error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.&error_uri=https%3A%2F%2Fdeveloper.github.com%2Fv3%2Foauth%2F%23redirect-uri-mismatch

            Thank you for following it through.

          • Satish,

            That means the Authorization callback URL you have in your GitHub (not in the connector configuration) and the one (we call it “Redirection URL”) you put in the connector configuration do not match. Please make sure these two are the same.

            Thanks,
            Nathan

          • Moderator, can you please delete my previous comments. It may be confusing for readers.

            Started from scratch – new project. Made the following changes

            1. HTTP Request configuration: protocol: https; host name: api.github.com; port: 443
            2. On the Authentication tab, scopes was blank, still ok. Don’t know how those values are to be populated.
            Then it works.

            Thank you Nathan.

  2. Hi Nathan,

    Thank you very much for this post, it helps a lot. I like the simplicity of your example and I got it to work without much trouble. I’m trying to implement 2 simple APIs: a hello world one, and another one, making a request to the hello world one, using OAuth 2.0. Do you know how to implement OAuth on the HW one?
    Thanks.

    • Emily,

      Glad to know it is helpful for you. I’m not familiar with the implementation of OAuth 2.0. You might get better answers in forums.mulesoft.com

      Thanks,
      Nathan

  3. Since 3.8.2 there is a system property to define the external redirection URL. You can use http://0.0.0.0:8081/login (same address and port as the listener, but different path) as local authorization URL. Then the property “mule.oauth2.externalRedirectUrl” must be set to the external address of the application (like “http://app.cloudhub.com/”).

  4. Hello Nathan,
    Actually my requirement is connecting to 3rd-party REST APIs similar to the above example.
    SFTP as inbound connector and using HTTP connector to POST/PUT data to another server. For the redirect and local authorization URL we are using localhost with port 8082, and it works perfectly in the local IDE.
    To generate the OAuth2 token I’m using the Salesforce server, and its callback URL has been registered there.
    When we deploy the same code to the cloud, it gives the error
    “java.net.BindException: Cannot assign requested address”

    Tried all possible ways, like

    https://localhost:8082/login
    https://.cloudhub.io:8082/login
    https://:8082/login
    https://:8082/login

    but no luck 🙁
    looking for some help.

    Regards,
    Anand
