...
This feature allows users to configure the following OAuth grant types for HTTP endpoints. You can use the Authorization Code grant type (Refresh token grant type), the Client Credentials grant type, or the Password grant type, depending on your preferred third-party service.
Note: You can use expressions (XPath or JSON path) to set these properties. Refer to Define dynamic expressions below for more details.
Authorization Code and Refresh token grant type
The authorizationCode element contains the following parameters that are used to configure OAuth for the endpoint. All of the following attributes are required.
Property Name | Description |
---|---|
clientId | The Client ID provided by the service when you register your application. |
clientSecret | The Client Secret provided by the service when you register your application. |
refreshToken | The Refresh Token obtained from the service while using the Authorization Grant. |
tokenUrl | The token endpoint URL given by the service to obtain the access tokens. |
...
An example is shown below.
```xml
<endpoint name="FoodEP" xmlns="http://ws.apache.org/ns/synapse">
    <http method="get" uri-template="http://localhost:9192/service/foodservice">
        <authentication>
            <oauth>
                <authorizationCode>
                    <clientId>K2RbnGP7VS</clientId>
                    <clientSecret>9zLrZAYR5b</clientSecret>
                    <refreshToken>y2Ne4Fccrj</refreshToken>
                    <tokenUrl>http://localhost:8678/token</tokenUrl>
                </authorizationCode>
            </oauth>
        </authentication>
    </http>
</endpoint>
```
Client credentials grant type
The clientCredentials element contains the following parameters that are used to configure OAuth for the endpoint. All of the following attributes are required.
Property Name | Description |
---|---|
clientId | The Client ID provided by the service when you register your application. |
clientSecret | The Client Secret provided by the service when you register your application. |
tokenUrl | The token endpoint URL given by the service to obtain the access tokens. |
An example is shown below.
```xml
<endpoint name="FoodEP" xmlns="http://ws.apache.org/ns/synapse">
    <http method="get" uri-template="http://localhost:9192/service/foodservice">
        <authentication>
            <oauth>
                <clientCredentials>
                    <clientId>K2RbnGP7VS</clientId>
                    <clientSecret>9zLrZAYR5b</clientSecret>
                    <tokenUrl>http://localhost:8678/token</tokenUrl>
                </clientCredentials>
            </oauth>
        </authentication>
    </http>
</endpoint>
```
Password grant type
The passwordCredentials element contains the following parameters that are used to configure OAuth for the endpoint. All of the following attributes are required.
Property Name | Description |
---|---|
clientId | The Client ID provided by the service when you register your application. |
clientSecret | The Client Secret provided by the service when you register your application. |
username | Username of the user. |
password | Password of the user. |
tokenUrl | The token endpoint URL given by the service to obtain the access tokens. |
```xml
<endpoint name="FoodEP" xmlns="http://ws.apache.org/ns/synapse">
    <http method="get" uri-template="http://localhost:9192/service/foodservice">
        <authentication>
            <oauth>
                <passwordCredentials>
                    <clientId>clientId</clientId>
                    <clientSecret>clientSecret</clientSecret>
                    <username>internal-user</username>
                    <password>abc@123</password>
                    <tokenUrl>oauthServerUrl</tokenUrl>
                </passwordCredentials>
            </oauth>
        </authentication>
    </http>
</endpoint>
```
Send additional parameters in the OAuth request body
By default, the grant_type, client_id, and client_secret parameters are sent in the OAuth request body. To send additional parameters, you can define them as a list of parameters
...
under the requestParameters tag as shown in the example below.
```xml
<endpoint name="FoodEP" xmlns="http://ws.apache.org/ns/synapse">
    <http method="get" uri-template="http://localhost:9192/service/foodservice">
        <authentication>
            <oauth>
                <clientCredentials>
                    <clientId>K2RbnGP7VS</clientId>
                    <clientSecret>9zLrZAYR5b</clientSecret>
                    <tokenUrl>http://localhost:8678/token</tokenUrl>
                    <requestParameters>
                        <parameter name="scope">read_only</parameter>
                        <parameter name="user_role">tester</parameter>
                    </requestParameters>
                </clientCredentials>
            </oauth>
        </authentication>
    </http>
</endpoint>
```
Define dynamic expressions
You can set OAuth configuration values dynamically using XPath expressions, JSON expressions, or vault-lookup (to get data from a secure vault). Make sure you define the elements within curly brackets.
```xml
<endpoint name="FoodEP" xmlns="http://ws.apache.org/ns/synapse">
    <http method="get" uri-template="http://localhost:9192/service/foodservice">
        <authentication>
            <oauth>
                <clientCredentials>
                    <clientId>K2RbnGP7VS</clientId>
                    <clientSecret>{hashicorp:vault-lookup('secret/hello', 'clientSecret')}</clientSecret>
                    <tokenUrl>http://localhost:8678/token</tokenUrl>
                    <requestParameters>
                        <parameter name="scope">{ctx:oauth_scope}</parameter>
                    </requestParameters>
                </clientCredentials>
            </oauth>
        </authentication>
    </http>
</endpoint>
```
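The grant-type configurations above carry `clientSecret`, `refreshToken` and `password` as literal text, while the dynamic-expression form reads the secret from a vault. The following Python check is an added example, not part of the original documentation or the product's code: it parses an endpoint definition and reports secret fields that are not curly-bracket expressions, plus token URLs that are not HTTPS. The function names, the HTTPS rule and the `https://idp.example.test` URL are assumptions of this example; the element names and the vault-lookup expression come from the configurations on this page.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SYN = "{http://ws.apache.org/ns/synapse}"
GRANTS = ("authorizationCode", "clientCredentials", "passwordCredentials")
SECRET_FIELDS = ("clientSecret", "refreshToken", "password")

def is_expression(value):
    """Dynamic values are written inside curly brackets, e.g. {ctx:oauth_scope}."""
    text = (value or "").strip()
    return len(text) > 2 and text.startswith("{") and text.endswith("}")

def audit(xml_text):
    """Return sorted (endpoint, grant, field, finding) tuples for one config."""
    findings = []
    for ep in ET.fromstring(xml_text).iter(SYN + "endpoint"):
        name = ep.get("name", "?")
        for oauth in ep.iter(SYN + "oauth"):
            for node in oauth:
                grant = node.tag.replace(SYN, "")
                if grant not in GRANTS:
                    continue
                # A secret field that is present but not an expression is a literal.
                for field in SECRET_FIELDS:
                    value = node.findtext(SYN + field)
                    if value is not None and not is_expression(value):
                        findings.append((name, grant, field, "literal secret"))
                # The token request body carries client_secret, so require TLS (assumed rule).
                url = node.findtext(SYN + "tokenUrl", default="")
                if not is_expression(url) and urlparse(url.strip()).scheme != "https":
                    findings.append((name, grant, "tokenUrl", "not https"))
    return sorted(findings)

# Constructed sample input modelled on the client credentials examples on this page.
TEMPLATE = """<endpoint name="FoodEP" xmlns="http://ws.apache.org/ns/synapse">
  <http method="get" uri-template="http://localhost:9192/service/foodservice">
    <authentication><oauth><clientCredentials>
      <clientId>K2RbnGP7VS</clientId>
      <clientSecret>{secret}</clientSecret>
      <tokenUrl>{url}</tokenUrl>
    </clientCredentials></oauth></authentication>
  </http>
</endpoint>"""
LITERAL = TEMPLATE.format(secret="9zLrZAYR5b", url="http://localhost:8678/token")
VAULTED = TEMPLATE.format(secret="{hashicorp:vault-lookup('secret/hello', 'clientSecret')}",
                          url="https://idp.example.test/token")  # constructed URL

if __name__ == "__main__":
    for label, cfg in (("literal", LITERAL), ("vaulted", VAULTED)):
        print(label, audit(cfg))
```

Run it over each endpoint file before deployment; an empty list means every secret field is resolved through an expression and the token URL uses HTTPS.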