
I am working on a Mule project using RAML and API Manager, following the procedure given here

I am using API Manager to handle the feature-related services, such as

  • Simple Security Manager,
  • OAuth 2.0 Provider, and
  • OAuth 2.0 Access Token Enforcement.

I have a separate redirect flow which does the following

  1. Sets "status" to 302

  2. Sets "location" to the URL below

    http://localhost:8081/org/oauth/token?grant_type=authorization_code&&client_id=53a406c3e4b0624da8246eed&client_secret=myclientsecret&code=#[message.inboundProperties.code]&redirect_uri=http://localhost:8081/raml-api-with-oauth/redirect

Everything goes well up to this point.

But when I try to hit the access token URL, I see the message

{"error":"unauthorized_client","error_description":""}

To summarize my problems:

  1. Please help me complete the "OAuth dance" procedure.
  2. How do I set up a valid contract with the API to facilitate the exchange of the clientId and clientSecret needed for the OAuth dance?

Please help me find where I went wrong.

RAML code:

#%RAML 0.8
title: raml-api-with-oauth
version: v1
baseUri: http://localhost:8081/raml-api-with-oauth
securedBy: [oauth_2_0]
securitySchemes:
    - oauth_2_0:
        description: |
            This supports OAuth 2.0 for authenticating all API requests.
        type: OAuth 2.0
        describedBy:
            headers:
                Authorization:
                    description: |
                       Used to send a valid OAuth 2 access token. Do not use
                       with the "access_token" query string parameter.
                    type: string
            queryParameters:
                access_token:
                    description: |
                       Used to send a valid OAuth 2 access token. Do not use together with
                       the "Authorization" header
                    type: string
            responses:
                401:
                    description: |
                        Bad or expired token. This can happen if the user or Dropbox
                        revoked or expired an access token. To fix, you should re-
                        authenticate the user.
                403:
                    description: |
                        Bad OAuth request (wrong consumer key, bad nonce, expired
                        timestamp...). Unfortunately, re-authenticating the user won't help here.
                404:
                  description: Unauthorized
        settings:
          authorizationUri: org/oauth/authorize
          accessTokenUri: org/oauth/token
          authorizationGrants: [code,token]
          scopes:
            - "READ_RESOURCE"
            - "POST_RESOURCE"
            - basic
            - comments
            - relationships
            - likes
mediaType: application/json
/employee:
  get:
    description:
      This is a Get Call which throws some response in json.
    responses:
      200:
        body:
          application/json:
            example: |
              {
                "empcode" : 1,
                "ename": "Rafiq", 
                "company" : "org"
              }
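
The exchange the question is trying to drive, as an added example that is not part of the original post or of the Mule project: a client-side helper that turns the provider's callback into a correct token request (RFC 6749 section 4.1.3: a POST with a form body, the client authenticated with an HTTP Basic header rather than by putting client_secret in a GET query string, where it would land in access logs and browser history), and a minimal in-memory token endpoint that shows the three errors a practitioner should be able to tell apart: invalid_client (bad credentials), unauthorized_client (the authenticated client is not registered for the grant type it asks for, which is what RFC 6749 section 5.2 defines that error to mean), and invalid_grant (unknown, replayed or mismatched code). The token endpoint and redirect URLs are the ones from the question; the client registry, the second client and the issued code are constructed for the example.

```python
import base64
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# URLs taken from the question; everything else below is constructed.
TOKEN_ENDPOINT = "http://localhost:8081/org/oauth/token"
REDIRECT_URI = "http://localhost:8081/raml-api-with-oauth/redirect"


def build_token_request(callback_url, client_id, client_secret):
    """Turn the provider's callback (.../redirect?code=...&state=...) into the
    token request the redirect flow should issue (RFC 6749 section 4.1.3):
    a POST with a form body, the client authenticated with HTTP Basic, and the
    redirect_uri repeated exactly as sent in the authorization request."""
    query = parse_qs(urlparse(callback_url).query)
    code = query["code"][0]
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {
        "method": "POST",
        "url": TOKEN_ENDPOINT,
        "headers": {
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
        "body": urlencode({
            "grant_type": "authorization_code",
            "code": code,
            "redirect_uri": REDIRECT_URI,
        }),
    }


# Constructed client registry (hypothetical). A client only gets the grants it
# is registered for; asking for any other grant is "unauthorized_client".
CLIENTS = {
    "53a406c3e4b0624da8246eed": {
        "secret": "myclientsecret",
        "grants": {"authorization_code"},
    },
    "batch-job": {
        "secret": "batch-secret",
        "grants": {"client_credentials"},  # not registered for the code grant
    },
}

# Constructed single-use authorization codes: code -> (client_id, redirect_uri, scope)
ISSUED_CODES = {
    "c0de123": ("53a406c3e4b0624da8246eed", REDIRECT_URI, "READ_RESOURCE"),
}


def _error(status, code):
    return status, {"error": code, "error_description": ""}


def token_endpoint(request):
    """Minimal token endpoint; takes the dict build_token_request() returns."""
    auth = request["headers"].get("Authorization", "")
    if not auth.startswith("Basic "):
        return _error(401, "invalid_client")
    try:
        client_id, _, secret = base64.b64decode(auth[6:]).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return _error(401, "invalid_client")
    client = CLIENTS.get(client_id)
    # compare_digest keeps the secret comparison constant-time
    if client is None or not secrets.compare_digest(client["secret"].encode(), secret.encode()):
        return _error(401, "invalid_client")

    form = {k: v[0] for k, v in parse_qs(request.get("body", "")).items()}
    grant = form.get("grant_type")
    if grant not in client["grants"]:
        return _error(400, "unauthorized_client")
    if grant != "authorization_code":
        return _error(400, "unsupported_grant_type")

    issued = ISSUED_CODES.pop(form.get("code"), None)  # codes are single use
    if issued is None or issued[0] != client_id or issued[1] != form.get("redirect_uri"):
        return _error(400, "invalid_grant")
    return 200, {
        "access_token": secrets.token_urlsafe(32),
        "token_type": "bearer",
        "expires_in": 3600,
        "scope": issued[2],
    }
```

Run it by calling build_token_request(REDIRECT_URI + "?code=c0de123&state=xyz", "53a406c3e4b0624da8246eed", "myclientsecret") and passing the result to token_endpoint(); a second call with the same request fails with invalid_grant because the code was consumed, and the same request signed by "batch-job" fails with unauthorized_client because that client is not registered for the authorization_code grant. The three error codes are distinct on purpose: when the real provider says unauthorized_client, the credentials were accepted and the thing to check is the client's registered grant types (and its contract with the API), not the secret.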
2 Answers

The OAuth policy is based on Mule Enterprise Security. To understand the dance for the different types of grants, see this documentation page:

http://www.mulesoft.org/documentation/display/current/Creating+an+OAuth+2.0a+Web+Service+Provider

Answered 2015-05-19T21:33:01.140

The code below represents OAuth 2.0 (RAML 1.0):

securitySchemes:
  oauth_2_0:
    description: |
      This API supports OAuth 2.0 for authenticating all API requests.
    type: OAuth 2.0
    describedBy:
      headers:
        Authorization:
          description: |
            Used to send a valid OAuth 2 access token. Do not use
            with the "access_token" query string parameter.
          type: string
      queryParameters:
        access_token:
          description: |
            Used to send a valid OAuth 2 access token. Do not use together with
            the "Authorization" header
          type: string
      responses:
        401:
          description: |
            Bad or expired token. This can happen if the user or the API
            revoked or expired an access token. To fix, you should re-authenticate the user.
        403:
          description: |
            Bad OAuth request (wrong consumer key, bad nonce, expired
            timestamp...). Unfortunately, re-authenticating the user won't help here.
    settings:
      authorizationUri: INSERT_OAUTH2_AUTHORIZATION_URI
      accessTokenUri: INSERT_OAUTH2_ACCESS_TOKEN_URI
      authorizationGrants: INSERT_OAUTH2_AUTHORIZATION_GRANTS
      scopes: [READ,WRITE]  # RAML 1.0 key is "scopes", not "scope"

  • Once you include this code in your RAML, we need to provide the validation URL in the OAuth policy: https://application-name/validate (external OAuth provider)

    or the OAuth provider should provide the URLs required in the RAML (the authorization and access_token URLs, plus the validation URL).

    Resources can be enforced with OAuth so that they are shared more securely.

    After generating the flows from the RAML, we need to deploy the application to CloudHub.

    We need to provide the organization's client_id and client_secret so that it issues an access_token; otherwise it throws an invalid client error.

Answered 2017-10-20T10:26:55.037