This is the latest release in the 6.x.x family. For EI 7.0.0, click here.

All docs This doc

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The passwordCredentials element contains the following parameters that are used to configure OAuth for the endpoint. All of the following attributes are required.

Property NameDescription
clientIdThe Client ID provided by the service when you register your application.
clientSecretThe Client Secret provided by the service when you register your application.
usernameUsername of the user.
passwordPassword of the user.
tokenUrlThe token endpoint URL given by the service to obtain the access tokens.
Code Block
<endpoint name="FoodEP" xmlns="http://ws.apache.org/ns/synapse">
    <http method="get" uri-template="http://localhost:9192/service/foodservice">
        <authentication>
            <oauth>
                <passwordCredentials>
                    <clientId>clientId</clientId>
                    <clientSecret>clientSecret</clientSecret>
                    <username>internal-user</username>
                    <password>[email protected]</password>
                    <tokenUrl>oauthServerUrl</tokenUrl>
                </passwordCredentials>
            </oauth>
        </authentication>
    </http>
</endpoint>
Send additional parameters in the OAuth request body

By default the grant_type, client_id, and client_secret parameters are sent in the OAuth request body. To send additional parameters you can define them as a list of parameters under the requestParameters tag as shown in the example below.

Code Block
<endpoint name="FoodEP" xmlns="http://ws.apache.org/ns/synapse">
    <http method="get" uri-template="http://localhost:9192/service/foodservice">
        <authentication>
            <oauth>
                <clientCredentials>
                    <clientId>K2RbnGP7VS</clientId>
                    <clientSecret>9zLrZAYR5b</clientSecret>
                    <tokenUrl>http://localhost:8678/token</tokenUrl>
	        <requestParameters>
                     	<parameter name="scope">read_only</parameter>
                  	<parameter name="user_role">tester</parameter>
                     </requestParameters>	
                </clientCredentials>
            </oauth>
        </authentication>
    </http>
</endpoint>


Define dynamic expressions

You can use dynamic values for OAuth configurations such as XPATH, JSON expressions or vault-lookup to get data from a secure vault. Make sure you define the elements within curly brackets.

Code Block
<endpoint name="FoodEP" xmlns="http://ws.apache.org/ns/synapse">
    <http method="get" uri-template="http://localhost:9192/service/foodservice">
        <authentication>
            <oauth>
                <clientCredentials>
                    <clientId>K2RbnGP7VS</clientId>
                    <clientSecret>{hashicorp:vault-lookup('secret/hello', 'clientSecret')}</clientSecret>
                    <tokenUrl>http://localhost:8678/token</tokenUrl>
	        		<requestParameters>
                     	<parameter name="scope">{ctx:oauth_scope}</parameter>
                     </requestParameters>	
                </clientCredentials>
            </oauth>
        </authentication>
    </http>
</endpoint>