This is the latest release in the 6.x.x family. For EI 7.0.0, click here.

All docs This doc

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

If you analyze the log, you will see that a connection from the WebSocket client to the ESB Profile of WSO2 EI is established. You will also see that the sequences are executed by the WebSocket inbound endpoint.

OAuth Properties 
Anchor
OAuth Properties
OAuth Properties

This feature allows users to configure the following OAuth grant types for HTTP endpoints. You can use either Authorization Code grant type (Refresh token grant type), Client Credentials grant type or Password grant type depending on your preferred third-party service.

Table of Contents
maxLevel6
minLevel6

Note

You can use expressions (xpath or json path) to set these properties for. Refer Define Dynamic Expressions below for more details.
If you need to send additional parameters in the OAuth request body you can define them as a list of parameters. Refer Send additional parameters in OAuth request body.

Warning
  1. To use the Authorization Code grant type (Refresh token grant type) or the Client Credentials grant type you need to have WUM update level 1618940493641 or U2 EI 6.6.0.23.
  2. To use the Password grant type you need to have WUM update level 1631543692764 or U2 EI 6.6.0.56.
Authorization Code and Refresh token grant type

The authorizationCode element contains the following parameters that are used to configure OAuth for the endpoint. All of the following attributes are required.

Property NameDescription
clientIdThe Client ID provided by the service when you register your application.
clientSecretThe Client Secret provided by the service when you register your application.
refreshTokenThe Refresh Token obtained from the service while using the Authorization Grant.
tokenUrlThe token endpoint URL given by the service to obtain the access tokens.

An example is shown below.

Code Block
<endpoint name="FoodEP" xmlns="http://ws.apache.org/ns/synapse">
    <http method="get" uri-template="http://localhost:9192/service/foodservice">
        <authentication>
            <oauth>
                <authorizationCode>
                    <clientId>K2RbnGP7VS</clientId>
                    <clientSecret>9zLrZAYR5b</clientSecret>
                    <refreshToken>y2Ne4Fccrj</refreshToken>
                    <tokenUrl>http://localhost:8678/token</tokenUrl>
                </authorizationCode>
            </oauth>
        </authentication>
    </http>
</endpoint>
Client credentials grant type

The clientCredentials element contains the following parameters that are used to configure OAuth for the endpoint. All of the following attributes are required.

Property NameDescription
clientIdThe Client ID provided by the service when you register your application.
clientSecretThe Client Secret provided by the service when you register your application.
tokenUrlThe token endpoint URL given by the service to obtain the access tokens.

An example is shown below.

Code Block
<endpoint name="FoodEP" xmlns="http://ws.apache.org/ns/synapse">
    <http method="get" uri-template="http://localhost:9192/service/foodservice">
        <authentication>
            <oauth>
                <clientCredentials>
                    <clientId>K2RbnGP7VS</clientId>
                    <clientSecret>9zLrZAYR5b</clientSecret>
                    <tokenUrl>http://localhost:8678/token</tokenUrl>
                </clientCredentials>
            </oauth>
        </authentication>
    </http>
</endpoint>
Password grant type

The passwordCredentials element contains the following parameters that are used to configure OAuth for the endpoint. All of the following attributes are required.

Property NameDescription
clientIdThe Client ID provided by the service when you register your application.
clientSecretThe Client Secret provided by the service when you register your application.
usernameUsername of the user.
passwordPassword of the user.
tokenUrlThe token endpoint URL given by the service to obtain the access tokens.
Code Block
<endpoint name="FoodEP" xmlns="http://ws.apache.org/ns/synapse">
    <http method="get" uri-template="http://localhost:9192/service/foodservice">
        <authentication>
            <oauth>
                <passwordCredentials>
                    <clientId>clientId</clientId>
                    <clientSecret>clientSecret</clientSecret>
                    <username>internal-user</username>
                    <password>[email protected]</password>
                    <tokenUrl>oauthServerUrl</tokenUrl>
                </passwordCredentials>
            </oauth>
        </authentication>
    </http>
</endpoint>
Send additional parameters in the OAuth request body

By default the grant_type, client_id, and client_secret parameters are sent in the OAuth request body. To send additional parameters you can define them as a list of parameters under the requestParameters tag as shown in the example below.

Code Block
<endpoint name="FoodEP" xmlns="http://ws.apache.org/ns/synapse">
    <http method="get" uri-template="http://localhost:9192/service/foodservice">
        <authentication>
            <oauth>
                <clientCredentials>
                    <clientId>K2RbnGP7VS</clientId>
                    <clientSecret>9zLrZAYR5b</clientSecret>
                    <tokenUrl>http://localhost:8678/token</tokenUrl>
	        <requestParameters>
                     	<parameter name="scope">read_only</parameter>
                  	<parameter name="user_role">tester</parameter>
                     </requestParameters>	
                </clientCredentials>
            </oauth>
        </authentication>
    </http>
</endpoint>


Define dynamic expressions

You can use dynamic values for OAuth configurations such as XPATH, JSON expressions or vault-lookup to get data from a secure vault. Make sure you define the elements within curly brackets.

Code Block
<endpoint name="FoodEP" xmlns="http://ws.apache.org/ns/synapse">
    <http method="get" uri-template="http://localhost:9192/service/foodservice">
        <authentication>
            <oauth>
                <clientCredentials>
                    <clientId>K2RbnGP7VS</clientId>
                    <clientSecret>{hashicorp:vault-lookup('secret/hello', 'clientSecret')}</clientSecret>
                    <tokenUrl>http://localhost:8678/token</tokenUrl>
	        		<requestParameters>
                     	<parameter name="scope">{ctx:oauth_scope}</parameter>
                     </requestParameters>	
                </clientCredentials>
            </oauth>
        </authentication>
    </http>
</endpoint>