Reputation: 13
password credentials grant type usage in HTTP Requestor of Mulesoft
I need to access an API which requires password credentials grant type to be used in authentication. But Mulesofts HTTP Request config supports only OAuth2 Authorization Code Grant Type Authentication and OAuth2 Client Credentials Grant Type Authentication.
Is there a way to incorporate password credential grant type in the http request config by using some workaround? Or how can I access the API using password credential grant type from the Mulesoft HTTP connector?
I tried to use the client credential grant type instead of password credentials grant type in HTTP request config, but it is giving me 401 Unauthorized error while calling token url.
Upvotes: 1
Views: 576
Answers (2)
Reputation: 306
An alternative approach is to carry out the token request independently by utilizing the token URL and the appropriate authentication mechanism (OAuth2.0 password credentials grant type - It goes into the request body), to acquire the access token. With this access token (in a separate HTTP request), you can then authenticate with the target server's API and access the protected resource. This method represents the standard procedure.
However, when using the Mule HTTP Requestor in conjunction with OAuth configuration, this process becomes abstracted and there are some benefits. Upon deployment, the HTTP Requestor automatically sends a request to the Token URL, extracting access token/refresh token/expiration time from the response, and storing them in an object store for future requests until the token expires. Also it effectively manages token expiration and regenerates tokens as needed. You can read more about it in the docs and understand how it works internally.
As the Mule HTTP Connector lacks support for the OAuth Password Credentials Grant type, you will need to redesign your integration flow to implement the entire process.
Upvotes: 0
Reputation: 433
Unfortunately, MuleSoft HTTP connector doesn't support the OAuth Password Credentials Grant type and I am not able to see an alternate way to get it done using the HTTP connector.
For more information kindly refer to this MuleSoft article HTTP Connector do not support the OAuth Password Credentials Grant type
It's important to note: Utilizing the password credentials grant is advised against, as it poses a security risk by exposing the resource owner's credentials.
Thank you!
Upvotes: 0
Related Questions
- OAuth2: What is the difference between the JWT Authorization Grant and Client Credentials Grant with JWT client authentication?
- Need an OAuth2 server that supports "client credentials" grant type
- What is the purpose of the implicit grant authorization type in OAuth 2?
- Spring Security 5 OAuth2 client password grant type
- Does Mule support password grant type for OAuth2
- Are Client Credentials optional in the oAuth2 Resource Owner Password Credentials Grant flow?
- DotNetOpenAuth OAuth 2.0 Authorization Server with Password grant
- How to keep the client credentials confidential, while using OAuth2's Resource Owner Password Credentials grant type