Authorize client applications based on scopes using Okta & Anypoint Platform JWT Policy

Authorize client applications based on scopes using Okta & Anypoint Platform JWT Policy | APIManager

Рет қаралды 1,301

Күн бұрын

Пікірлер: 19

@vsingh-26 2 жыл бұрын

The most clear and logical explanation on KZbin about Mulesoft JWT policy using Okta. Other videos I have seen where I was totally confused because the presenters created "external identities" in Mulesoft for JWT policy, which totally defeats the purpose of managing client id/client secret in Okta. Thank you for this perfect explanation.

@MuleAceAcademy 2 жыл бұрын

Thanks for appreciation 🤗

@vsingh-26 2 жыл бұрын

@@MuleAceAcademy Hi Ashish, I do have a question about this policy. Does this JWT Validation policy validates if the token is still valid and hasn't expired? Also what is the difference between "OAuth 2.0 Access Token Enforcement Using Mule OAuth Provider Policy" and "JWT Validation Policy". There is another policy too "OpenID Connect OAuth 2.0 Token Enforcement Policy". They all appear to be similar, is it possible for you to explain? Thanks

@MuleAceAcademy 2 жыл бұрын

@@vsingh-26 Yes JWT Policy check Token validity using Expiry time (exp claim): Anypoint Platform check if the token has not expired. Below policy looks same but they are different. 1. OAuth 2.0 Access Token Enforcement Using Mule OAuth Provider Policy - It needs your own implementation of Mule Auth server. 2. JWT Validation Policy - It needs external Auth server but no integration with Anypoint Platform. 3. OpenID Connect OAuth 2.0 Token Enforcement Policy - It needs external Auth server and integration with Anypoint Platform.

@vsingh-26 2 жыл бұрын

@@MuleAceAcademyThank you very much. You are the best!!

@IntegrationBytes 2 жыл бұрын

Very well explained 👍

@srkomma Жыл бұрын

Great video but I still don't get the Groups part. How does a Group in Okta tie up with Anypoint ? I have a scenario where monitoring group/app should have access to only to healthcheck endpoint while API clients have access to all other endpoints. Please let me know if you can help me figure out.

@ZeroCool-zb7sn 7 ай бұрын

Thank you so much for this video. I do have a question. Could you please help to explain How JWT Validation Policy is different than OpenId access token enforcement policy? help us with valid use cases for both of them to understand it better.

@pavanch6304 2 жыл бұрын

Hi Sir, Good afternoon I have a query.how to do the recertification for users integrated with Azure

@vsingh-26 5 ай бұрын

I don't know if this is the correct video to ask this question but what does it mean by statement "Anypoint Platform acts as a client provider by default"? What is a "Client Provider" in the context of Client Management in Anypoint Platform?

@MuleAceAcademy 5 ай бұрын

@@vsingh-26 Yes you are right however if you want an external client provider like okta then client management is used to integrate an external client provider.

@vsingh-26 5 ай бұрын

@@MuleAceAcademy after we add external client providers like Okta, do we get an option to select a particular client provider while requesting access to a API?

@MuleAceAcademy 5 ай бұрын

@@vsingh-26 it will allow the use of an external client provider only

@vsingh-26 5 ай бұрын

@@MuleAceAcademy so you mean you can no longer use the client provider which comes out of box in Anypoint platform. How about if there are multiple external client providers configured, will these be shown as options during request access?

@MuleAceAcademy 5 ай бұрын

@@vsingh-26 yes

@vsingh-26 2 жыл бұрын

Can "JWT Validation policy" be used for Websocket APIs?

@MuleAceAcademy 2 жыл бұрын

I don't think so. API Manager does not support WebSockets. only HTTP

@vsingh-26 2 жыл бұрын

@@MuleAceAcademy Mulesoft support confirmed the same thing. Thanks.