How quickly can you enable OAuth on an API and allow for client applications to be rapidly built for them? With the new OAuth 2.0 policy that is now available with the Anypoint Platform for APIs, the answer is no more than five minutes! Have a look for yourself with the following viewlet:
- Designing an API that is OAuth 2.0 protected by specifying an OAuth 2.0 security scheme in its RAML specification and implementing it with Anypoint Studio.
- Enabling an OAuth 2.0 provider that can use any LDAP server and ensuring that the API requires valid OAuth tokens through the simple application of policies – on-the fly – using Anypoint API Manager.
- Testing and interacting with the API’s now OAuth protected resources through its RAML console with client ID and client secrets that can be obtained through the Anypoint API Portal’s application registration feature.
Note that the OAuth 2.0 policy supports all of the OAuth 2.0 grant types, allows for the use of refresh tokens, and also supports OAuth scopes. The feature is currently in beta mode as it only works with the Mule 3.5 early access release. You can also download the sample application used in the viewlet right here and try out the steps by yourself.