
OAuth

OAuth is an open standard for authorization, commonly used as a way for Internet users to log into third party websites using their Microsoft, Google, Facebook or Twitter accounts without exposing their password.[1] Generally, OAuth provides to clients a 'secure delegated access' to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials. OAuth is a service that is complementary to and distinct from OpenID.

History

The OAuth discussion group was created in April 2007, for the small group of implementers to write the draft proposal for an open protocol. The OAuth 1.0 protocol was published as RFC 5849, an informational Request for Comments, in April 2010. Since August 31, 2010, all third party Twitter applications have been required to use OAuth.[4]

OAuth 2.0 — OAuth

OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This specification and its extensions are being developed within the IETF OAuth Working Group. OAuth 2.1 is an in-progress effort to consolidate OAuth 2.0 and many common extensions under a new name. Questions, suggestions and protocol changes should be discussed on the mailing list.

Video Course: The Nuts and Bolts of OAuth 2.0 by Aaron Parecki

OAuth 2.0

Mobile and Other Devices
Native Apps - Recommendations for using OAuth with native apps
Browser-Based Apps - Recommendations for using OAuth with browser-based apps (e.g. an SPA)
Device Authorization Grant - OAuth for devices with no browser or no keyboard

Token and Token Management

Discovery and Registration

High Security OAuth
These specs are used to add additional security properties on top of OAuth 2.0.

Authentication Methods Overview - Current Mule Documentation

There are several common authentication protocols that APIs generally use. In most cases, you will implement at least one authentication method in your Anypoint™ DevKit connector. To help you decide which method to use, this document offers a brief description of each of the most popular methods.

Basic Authorization
In essence, this authentication method demands that a client prove authenticity by entering a username and password. While this authentication method meets the need of the application, it also opens the door for the application to do much more than simply check for "self-liked" posts.

OAuth
A broadly-used alternative to username-password authentication is OAuth (Open standard for Authorization). Unlike other protocols, OAuth retains a state (for example, connected) in a cookie and, therefore, doesn't need to send token information with each request it submits.

Other Protocols
Kerberos

OAuth | GitHub API

OAuth2 is a protocol that lets external applications request authorization to private details in a user's GitHub account without getting their password. This is preferred over Basic Authentication because tokens can be limited to specific types of data, and can be revoked by users at any time. All developers need to register their application before getting started. A registered OAuth application is assigned a unique Client ID and Client Secret. The Client Secret should not be shared. GitHub's OAuth implementation supports the standard authorization code grant type.

Web Application Flow
This is a description of the OAuth2 flow from 3rd party web sites.
1. GET
Parameters
2. If the user accepts your request, GitHub redirects back to your site with a temporary code in a code parameter as well as the state you provided in the previous step in a state parameter. Exchange this for an access token:
POST
Response
3.

OAuth 2 just got a bit easier

Ever since Devkit made its first entry into the Mule family, a big variety of OAuth enabled Cloud Connectors were made available. Salesforce, Facebook, Twitter, Dropbox, LinkedIn and Google Apps suite are just some examples of the APIs we’ve connected to using that support. When we started thinking about the August 2013 release we decided to take it one step forward and make it easier than ever. And now that Mule 3.5-andes is available on CloudHub, you’ll be able to leverage all these improvements into your integrations. So, imagine this integration app:
Multitenant application
Polls CSV files from an FTP endpoint
Creates that contact in Salesforce
So, let’s see how such a flow would look right now: So that doesn’t look that bad! Ever since Mule 3.3.1, Cloud Connectors have provided support for multi tenant applications. This is actually more complex than it sounds, since it requires a lookup to adapt the user id in your mule app to the user id in the OAuth provider. Let’s look at it on XML:

October 2013 Release: Expanded DataSense connectivity

Expanded DataSense capabilities
We believe that metadata-driven design is the number one productivity enhancer for SaaS to on-premise integration. Therefore, the number one goal of the release was to greatly expand the number of connectors which support DataSense and DataSense Query Language. To this end, we’ve made many improvements to Mule Studio, Anypoint Connectors and the CloudHub Mule Runtime (see below) to make these connectors work seamlessly. Another key feature we’ve added is an advanced editor for DataSense Query Language. The expanded list of connectors which now supports DataSense includes: Additionally, we’re updating more and more connectors all the time, with many more coming before the end of the year.

Auto-paging and Anypoint Connectors
If you’ve ever worked with large data sets, you know that it can be difficult to deal with multiple pages of results. For this, we’ve introduced auto-paging for connectors.

CloudHub Mule Runtime

Other Improvements

Mule OAuth2 support: Even easier still

This post is brought to you by… you! Yes, a couple of weeks back I was writing about how dealing with OAuth2 secured APIs got way easier since Mule’s August 2013 Release. We got such great feedback that we decided to incorporate some of it in our latest October 2013 release.

Token Management vs.
So let’s do a quick recap. In this case, Mule will automatically handle your tokens by using the connector’s config name (in this case “mySalesForceConnector”) as the token id. This is not enough for the multitenant case, since different tenants need to have different token ids (otherwise user1 could end up entering user2’s account and everything would be a big mess). This is great and a huge improvement over Mule 3.4.x.

Repetition: Worst thing can happen to an artist
So yes, the problem here is repetition. This is how it works: Each time an OAuth2 protected operation is found (and this includes the authorize) we check if the message processor has its own accessTokenId expression. Neat, isn’t it?

How to Protect Your APIs with OAuth

On this 10th ‘Day of Christmas’ Mule blog post, we tackle an increasingly important question in the world of APIs: Presume that you would like to create a remote API (which perhaps exposes some legacy business logic) for access by internal and/or external clients. How can you make sure that access to your API is protected in such a way that: A) Only clients that you trust can access them; B) Those clients can access your API through the explicit authorization of their end-users; and C) The end-users can be authenticated with a central entity, *without* having to share their credentials with your API’s clients. It turns out that over the last couple of years, as the prominence of remote APIs, especially REST-based ones, has increased, the need for a good answer to this question has become critical. At the onset, to address the question, many proprietary web authentication protocols were created (AuthSub, AOL’s OpenAuth, Yahoo’s BBAuth, and others…).

Introducing Mule Enterprise Security

Service-Oriented Architectures (SOA) present unique security challenges due to loose service/application coupling and operations running across trust boundaries. To help our customers address these challenges, we have extended the Mule ESB platform security in several key areas and are making these extensions available through our Mule Enterprise Security package. This blog post will introduce the key components of that soon to be released package.

Product Overview
The first thing to know about Mule Enterprise Security is that it builds on top of Mule ESB Enterprise’s existing security capabilities. Mule ESB Enterprise already provides a solid set of security features, including: The new capabilities included in Mule Enterprise Security extend these existing security features while leveraging the benefits associated with Mule flows such as support for streaming and the Mule Expression Language.

Secure Token Service – OAuth 2.0 Provider
Credentials Vault
Message Encryption
Digital Signatures
