Scribd Logo
Upload

Welcome to Scribd!

  • Secure Endpoint With OAuth 2.0 - WSO2 API Manager Documentation 4.0.0

    Uploaded by

    Dishelt Torres
    35 views9 pages

    Original Title

    Secure Endpoint with OAuth 2.0 - WSO2 API Manager Documentation 4.0.0

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    35 views9 pages

    Secure Endpoint With OAuth 2.0 - WSO2 API Manager Documentation 4.0.0

    Uploaded by

    Dishelt Torres

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 9

    Secure Endpoint with OAuth 2.0 - WSO2 API Manager Documentation 4.0.

    0 26/11/21 16:06

    Secure Endpoint with OAuth 2.0

    A secured endpoint is when you have access-protected resources. WSO2 API Manager
    supports Basic Authentication, Digest Authentication, and OAuth 2.0. They differ on
    how the credentials are communicated and how access is granted by the backend
    server.

    OAuth 2.0 is the industry-standard delegation protocol for authorization and focuses on
    client developer simplicity while providing speciHc authorization Iows for applications.
    In other words, OAuth 2.0 enables an application to obtain limited access to an HTTP
    service, without actually revealing a resource owner's long-term credentials or identity.

    OAuth brings in a separate authorization layer in order to separate the role of the client
    from that of the resource owner. In order to gain access to a protected resource, the
    client should obtain a set of properties including an access token, its lifetime, and
    scope instead of credentials of the resource owner, from the backend server.

    Authorization grant types supported by OAuth 2.0


    Endpoint Security

    The OAuth 2.0 Authorization Framework speciHcation declares 4 grant-types to obtain


    an access token. OAuth 2.0 Endpoint Security supports the following grant types:

    1. Client Credentials

    2. Resource Owner Password

    https://apim.docs.wso2.com/en/latest/design/endpoints/endpoint-security/oauth-2.0/ Page 1 of 9
    Secure Endpoint with OAuth 2.0 - WSO2 API Manager Documentation 4.0.0 26/11/21 16:06

    Securing an endpoint with OAuth 2.0 in WSO2 API


    Manager

    When you create an API [https://apim.docs.wso2.com/en/4.0.0/design/create-


    api/create-rest-api/create-a-rest-api] using the API Publisher, you can specify the
    production and sandbox endpoints of the API backend implementation via the
    Endpoints page.

    Follow the instructions below to use OAuth 2.0 as the endpoint authorization type when
    using a secured endpoint and allow WSO2 API Manager to communicate with the
    backend to retrieve access tokens on behalf of the API.

    1. Click Endpoints in API Publisher.

    2. Click the Endpoint Security symbol that corresponds to the endpoint that you want
    to secure with OAuth 2.0.

    [https://apim.docs.wso2.com/en/4.0.0/assets/img/learn/endpoint-security-
    symbol.png]

    3. Click on OAuth 2.0 from the drop-down menu.

    https://apim.docs.wso2.com/en/latest/design/endpoints/endpoint-security/oauth-2.0/ Page 2 of 9
    Secure Endpoint with OAuth 2.0 - WSO2 API Manager Documentation 4.0.0 26/11/21 16:06

    [https://apim.docs.wso2.com/en/4.0.0/assets/img/learn/oauth-2-dropdown.png]

    4. Select the preferred grant-type from the next drop-down menu and enter the
    required properties.

    a. Provide the following properties with regard to Client Credentials:

    https://apim.docs.wso2.com/en/latest/design/endpoints/endpoint-security/oauth-2.0/ Page 3 of 9
    Secure Endpoint with OAuth 2.0 - WSO2 API Manager Documentation 4.0.0 26/11/21 16:06

    Token URL This is the URL for the token endpoint of the OAuth-protected backend
    server.

    Client ID A unique ID used to identify the application.

    Client A unique key that must be known only to the application and the backend
    Secret server.

    b. Provide the following properties with regard to the Resource Owner Password in
    addition to the properties that you entered as the Client Credentials grant-type:

    Username - Username of a user with access to the resource.

    Password - Password of a user with access to the resource.

    https://apim.docs.wso2.com/en/latest/design/endpoints/endpoint-security/oauth-2.0/ Page 4 of 9
    Secure Endpoint with OAuth 2.0 - WSO2 API Manager Documentation 4.0.0 26/11/21 16:06

    [https://apim.docs.wso2.com/en/4.0.0/assets/img/learn/resource-owner-
    password-conHg.png]

    5. If the OAuth-2.0-protected backend server token endpoint requires any other


    properties to be passed in addition to the above, click Add Parameter and provide
    the required properties and their respective values.

    Editing and removing parameter name-value pairs are also supported.

    https://apim.docs.wso2.com/en/latest/design/endpoints/endpoint-security/oauth-2.0/ Page 5 of 9
    Secure Endpoint with OAuth 2.0 - WSO2 API Manager Documentation 4.0.0 26/11/21 16:06

    [https://apim.docs.wso2.com/en/4.0.0/assets/img/learn/oauth-2-add-
    parameter.png]

    \. Click Submit to conHrm the details of the respective endpoint, and then click Save
    and deploy in the Endpoints page to save all the changes.

    https://apim.docs.wso2.com/en/latest/design/endpoints/endpoint-security/oauth-2.0/ Page 6 of 9
    Secure Endpoint with OAuth 2.0 - WSO2 API Manager Documentation 4.0.0 26/11/21 16:06

    [https://apim.docs.wso2.com/en/4.0.0/assets/img/learn/oauth-2-submit-
    button.png]

    https://apim.docs.wso2.com/en/latest/design/endpoints/endpoint-security/oauth-2.0/ Page 7 of 9
    Secure Endpoint with OAuth 2.0 - WSO2 API Manager Documentation 4.0.0 26/11/21 16:06

    [https://apim.docs.wso2.com/en/4.0.0/assets/img/design/endpoints/endpoint-
    security/endpoints-save-button.png]

    ! Info

    The Endpoint Auth Type selected should match with the authentication mechanism supported by
    the secured endpoint.

    Using a Redis Server to handle access token caching


    instead of the default in-memory cache

    OAuth 2.0 Endpoint Security in WSO2 API Manager allows you to use a remote Redis
    Server as a cache to store access tokens and other relevant properties instead of the
    default in-memory cache. This step is highly-recommended when your WSO2 API
    Manager deployment includes multiple API Gateways, in order to allow the sharing of
    access tokens and other relevant properties between API Gateways and prevent the
    irregular syncing of access tokens.

    Follow the instructions below to point WSO2 API Manager to a remote Redis Server

    https://apim.docs.wso2.com/en/latest/design/endpoints/endpoint-security/oauth-2.0/ Page 8 of 9
    Secure Endpoint with OAuth 2.0 - WSO2 API Manager Documentation 4.0.0 26/11/21 16:06

    that you can use as a Cache for OAuth 2.0 Endpoint Security token management:

    Unauthenticated Redis Server

    If you are using an unauthenticated Redis server, you should add the following
    conHguration to the <API-M_HOME>/repository/conf/deployment.toml Hle.

    Format Example

    [redis_config]
    host = {redis-server-hostname}
    port = {redis-server-port}

    Authenticated Redis Server

    If you are using an authenticated Redis server, you should add the following
    conHguration to the <API-M_HOME>/repository/conf/deployment.toml Hle.

    Format Example

    [redis_config]
    host = {redis-server-hostname}
    port = {redis-server-port}
    user = {redis-server-username}
    password = {redis-server-password}
    database_id = {redis-server-database-id}
    connection_timeout = {redis-server-connection-timeout-in-seconds}
    ssl = {redis-server-is-ssl-enabled}

    https://apim.docs.wso2.com/en/latest/design/endpoints/endpoint-security/oauth-2.0/ Page 9 of 9

    You might also like