OAuth2 Authorization Code using the HTTP Connector
Illustrates how to handle authorization to a third party service.
Example
In this example, a user accesses an HTTP endpoint to grant the application access to their data at the Box service. This triggers OAuth authorization: the user is prompted for a user name and password and, if the login succeeds, clicks a button to grant access.
Set Up and Run the Example
To follow the steps in this example, you must have a box.com account, which you can create for free if you don't already have one.
Registering an App in the Box Developer Portal
The steps below are only needed in this particular example so that you can test your finished application.
- Go to Box's developer portal: developers.box.com
- If you do not have an account, you need to create one here. If you have one, click My apps in the upper-right corner of the page.
- Click Create a Box Application in the panel on the right. Give it any name, such as MyProxy, then select the Content API.
- Click Configure Application.
- Look for the client_id and the client_secret. Copy these to a safe place, as you will need them later.
- Add a redirect_url. For the purpose of this exercise, set it to https://localhost:8082/redirectUrl.
If you're using HTTPS, as the Box API requires, you must create a keystore and a truststore file to certify the communication. This can be done using the keytool provided by Java, found in the bin directory of your Java installation. Navigate to this directory on your machine using the command line (this is not needed if the Java bin directory is in your PATH variable), then execute the following command to create a keystore file:
keytool -genkey -alias replserver -keyalg RSA -keystore keystore.jks
You are prompted to create two passwords. Remember these, because you enter them in the configuration later on (parameters: keystore.password, keystore.keyPassword). The command creates a file called keystore.jks in the current directory.
Now you need to export the certificate so that it can be added to the truststore as the trusted certificate:
keytool -export -alias replserver -file client.cer -keystore keystore.jks
This creates a certificate file, client.cer, that can now be used to populate your truststore. When the certificate is added to the truststore, it must be identified as a trusted certificate to be valid. You must also provide a password for the truststore; remember it (parameter: truststore.password).
keytool -import -v -trustcacerts -alias replserver -file client.cer -keystore trust-store
The two files, the keystore (keystore.jks) and the truststore (trust-store), along with their corresponding passwords, can now be used. Move them into the /src/main/resources directory in Mule Studio's Package Explorer.
If you need more help doing this, feel free to use this resource.
Building the example in Studio
- Open http-authorization-code-web.xml in Anypoint Studio and go to Global Elements. Inside the TLS Context element, replace the values for the keystore keyPassword, keystore password and truststore password with the passwords you entered while creating the keystore and truststore on the command line (see the previous section).
- Go to HTTP Request Configuration element and open the Authentication tab. Fill in the client_id and client_secret you got in the previous section.
- Deploy your Mule Project to the embedded Mule server by right-clicking the project in the Package Explorer, then selecting Run As... > Mule Application.
- In any Web browser, enter the following URL: http://localhost:8081/web/{user-id} Replace {user-id} in the URL above with the user ID.
- Box prompts you to log in with your username and password. Click Authorize. You can use your personal credentials or create a new test account.
- Clicking Grant access to Box (or Deny access to Box as well) redirects you to http://localhost:8081/web/loginDone.
- The example tries to consume a resource using the recently obtained token (in this case, search for items containing the term "mule") and display the result.
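The authorization-code exchange that the steps above drive, sketched in Python as an added example; it is not the Mule project's code or the HTTP connector's implementation. The Box endpoint URLs, the placeholder credentials and the function names are assumptions. It shows the state check on the redirect that ties the returned code to the user who started the login.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumptions: Box's public OAuth2 endpoints and placeholder credentials.
AUTHORIZE_URL = "https://account.box.com/api/oauth2/authorize"
TOKEN_URL = "https://api.box.com/oauth2/token"
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"
CLIENT_SECRET = "CLIENT_SECRET_PLACEHOLDER"
REDIRECT_URI = "https://localhost:8082/redirectUrl"  # as registered in the portal

pending = {}  # state -> user id, for logins that are still in flight


def start_authorization(user_id):
    """Leg 1: URL the browser is sent to so the user can log in and grant access."""
    state = secrets.token_urlsafe(32)  # unguessable and single use
    pending[state] = user_id
    query = urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_redirect(callback_url):
    """Leg 2: validate the redirect, then build the token request for that user."""
    params = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    user_id = pending.pop(params.get("state"), None)  # consume the state once
    if user_id is None:
        raise ValueError("unknown or replayed state, request dropped")
    if "error" in params:  # the user denied access
        raise PermissionError(params["error"])
    if "code" not in params:
        raise ValueError("redirect carries neither code nor error")
    body = {
        "grant_type": "authorization_code", "code": params["code"],
        "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
        "redirect_uri": REDIRECT_URI,
    }
    return user_id, TOKEN_URL, body  # POST body as form data over HTTPS
```

The token request is sent server to server, so the client_secret never reaches the browser.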