Secure Mule API With OIDC OAuth 2.0 using Azure AD as Client Provider.
- Published 12 May 2023
- This video explains and demonstrates how to secure a Mule API with OIDC OAuth 2.0 using Azure Active Directory as a Client Provider. The video demonstrates the following in detail:
- Azure Active Directory setup required for Client Provider configuration
- Configure Client Provider in Anypoint Access Management
- Configure OpenID Connect OAuth 2.0 Token Enforcement Policy in Anypoint API Manager
- Steps to invoke OAuth 2.0 secured Mule API from client.
Hi Sanjeev, thanks for many great videos. When you create client secrets to Azure AD they expire in 6 months. Is there a way to change that? Did you figure out a proper way to renew the client secrets? So that the new secret would be easy to deliver to the party that requested access.
This video is very helpful! However, I am not able to see the grant type when trying to create a new application in Exchange. Have any idea how to fix that? Or what security schema should I add in my RAML?
I showed how to add authorizationGrants under securitySchemes in the RAML specification in only a few videos, to keep the other videos short, but you can check ua-cam.com/video/Zxo9yKRhyNI/v-deo.html, where I showed how to add securitySchemes in the RAML specification.
You can also check time line 10:20 in this video to see available OAuth2.0 Grant type option for "Create new application"
@sanjeev.tripathi I wonder if you have tried to secure your Mule API with Azure AD recently. Now grant types are moved to be managed by the client provider setting.
@sanjeev.tripathi I keep receiving {error: “The required scopes are not authorized”} 403 Forbidden
Hello Sir for your video but I don't see "OpenId Connect access token enforcement (SECURITY)" in API Manager Policies?
You are right and it is as expected. Now please follow full video.
I didn't find any open ID connect token enforcement policy in my api manager. How to find out.
Given that AAD/EntraID does not support introspection, how can you be truly sure that your Anypoint policy for OpenID Connect Access Token Enforcement is really validating things?
In the case of Azure AD, token validation is being performed by Anypoint Platform's implementation for the token introspection endpoint.