Sync client applications between Okta and Anypoint Platform when no client provider is integrated
MuleSoft Community
External client providers can be integrated with Anypoint Platform so that the client applications they issue can be authorized by an OAuth 2.0 policy applied to your API; an OAuth 2.0 policy always needs an OAuth 2.0 provider behind it. In this blog, I will walk you through how to manually sync Okta client applications with the client applications Anypoint Platform keeps in Exchange, for the case where no external client provider is integrated with Anypoint Platform for dynamic client registration.
Overview
Prerequisites
NOTE: All new trial accounts come with the required entitlements enabled by default.
Takeaways from this use case
Okta setup
Create New Web App Integration
Anypoint Platform Setup
Create Client Application in Anypoint Platform with same client credentials from Okta
Anypoint Platform provides no web UI to replicate a client application from Okta; creating an application through the UI always generates a new client_id and client_secret. To bridge this gap, we can use the Anypoint Platform Exchange API, which lets you create a client application with the details you provide, including the client_id and client_secret.
Execute the curl command below; it creates a client application in Exchange with the same credentials as the Okta application. Keep the grantTypes list identical to the grant types enabled on the Okta application, and list only the ones the consumer actually needs (password and implicit are deprecated in current OAuth 2.0 security guidance). Also avoid pasting the Okta client_secret directly into the command line, where it ends up in shell history; read it from an environment variable or a file instead.

curl --location --request POST 'https://anypoint.mulesoft.com/exchange/api/v2/organizations/{business_group_id}/applications?apiInstanceId={API Instance ID}' \
--header 'Authorization: bearer {bearerToken}' \
--header 'Content-Type: application/json' \
--data-raw '{
  "description": "Test Client",
  "name": "test-client-1",
  "grantTypes": [
    "password",
    "implicit",
    "client_credentials",
    "authorization_code",
    "refresh_token"
  ],
  "redirectUri": [
    "https://localhost:9090/callback"
  ],
  "url": "https://localhost:9090",
  "clientId": "client_id from Okta",
  "clientSecret": "client_secret from Okta"
}'
A successful response echoes the application back, including the credentials you supplied, together with the new Anypoint application id. Check that clientId and clientSecret in the response are the Okta values unchanged; clientProvider.providerId is null, consistent with no external client provider being integrated.

{
    "redirectUri": [
        "https://localhost:9090/callback"
    ],
    "name": "test-client-1",
    "description": "Test Client",
    "url": "https://localhost:9090",
    "clientId": "client_id from Okta (echoed back unchanged)",
    "clientSecret": "client_secret from Okta (echoed back unchanged)",
    "masterOrganizationId": "{Business_Group_ID}",
    "grantTypes": [
        "password",
        "implicit",
        "client_credentials",
        "authorization_code",
        "refresh_token"
    ],
    "id": 1340096,
    "clientProvider": {
        "providerId": null
    }
}
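The same replication as a script, with the check a practitioner wants after the call: that what Anypoint stored really matches the Okta application. This is an added example, not code from the original post or from MuleSoft. It assumes the Exchange endpoint and JSON body shown above; the helper names (build_payload, replicate_client, diff_client_apps, fake_send_factory) and the sample Okta record are this example's own and not part of the platform's API. The fake transport is a constructed offline stand-in that echoes the request the way the sample response does; drop the send= argument to call the real endpoint.

```python
"""Replicate an Okta client app into Anypoint Exchange and verify the copy.
Added example (not the post's or MuleSoft's code); endpoint and body follow the
post, helper names and the sample Okta record are assumptions of this example."""
import json
import urllib.request

EXCHANGE_BASE = "https://anypoint.mulesoft.com/exchange/api/v2"

# Grant types the post's curl body lists. "implicit" and "password" are
# deprecated by OAuth 2.0 security guidance; list only what the consumer needs.
KNOWN_GRANT_TYPES = {"authorization_code", "client_credentials",
                     "refresh_token", "implicit", "password"}

# Constructed sample of what you copy from the Okta application's settings.
# In real use read client_secret from a secret store or environment variable.
SAMPLE_OKTA_APP = {
    "client_id": "0oa1exampleclientid",
    "client_secret": "example-secret-do-not-commit",
    "grant_types": ["authorization_code", "refresh_token"],
    "redirect_uris": ["https://localhost:9090/callback"],
}


def build_payload(okta_app, name, description, url):
    """Turn the Okta record into the Exchange request body, refusing inputs
    that would register a weaker app in Anypoint than exists in Okta."""
    unknown = set(okta_app["grant_types"]) - KNOWN_GRANT_TYPES
    if unknown:
        raise ValueError(f"unsupported grant types: {sorted(unknown)}")
    if "authorization_code" in okta_app["grant_types"] and not okta_app["redirect_uris"]:
        raise ValueError("authorization_code needs at least one redirect URI")
    for uri in okta_app["redirect_uris"]:
        if not uri.startswith("https://"):  # plain http would leak the auth code
            raise ValueError(f"redirect URI must use https: {uri}")
    return {
        "name": name,
        "description": description,
        "grantTypes": list(okta_app["grant_types"]),
        "redirectUri": list(okta_app["redirect_uris"]),
        "url": url,
        "clientId": okta_app["client_id"],
        "clientSecret": okta_app["client_secret"],
    }


def diff_client_apps(expected, actual):
    """Fields on which the Anypoint copy disagrees with the intended record;
    an empty list means the two systems are in sync."""
    mismatched = []
    for field in ("clientId", "clientSecret", "url"):
        if expected.get(field) != actual.get(field):
            mismatched.append(field)
    for field in ("grantTypes", "redirectUri"):
        if sorted(expected.get(field, [])) != sorted(actual.get(field, [])):
            mismatched.append(field)
    return mismatched


def http_send(req):
    """Real transport: POST to Anypoint and parse the JSON reply."""
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def replicate_client(business_group_id, api_instance_id, bearer_token, payload,
                     send=http_send):
    """Create the app in Exchange, then verify the reply echoes Okta's
    credentials and settings; any mismatch is raised rather than ignored."""
    endpoint = (f"{EXCHANGE_BASE}/organizations/{business_group_id}"
                f"/applications?apiInstanceId={api_instance_id}")
    req = urllib.request.Request(
        endpoint, data=json.dumps(payload).encode(), method="POST",
        headers={"Authorization": f"Bearer {bearer_token}",
                 "Content-Type": "application/json"})
    created = send(req)
    mismatched = diff_client_apps(payload, created)
    if mismatched:
        raise RuntimeError(f"Anypoint app differs from Okta app on: {mismatched}")
    return created


def fake_send_factory(overrides=None):
    """Constructed offline stand-in for http_send: echoes the request body like
    the post's sample response and adds server fields; overrides simulate drift."""
    def send(req):
        reply = json.loads(req.data.decode())
        reply.update({"id": 1340096, "masterOrganizationId": "{Business_Group_ID}",
                      "clientProvider": {"providerId": None}})
        reply.update(overrides or {})
        return reply
    return send


if __name__ == "__main__":
    body = build_payload(SAMPLE_OKTA_APP, "test-client-1", "Test Client",
                         "https://localhost:9090")
    app = replicate_client("{business_group_id}", "{API Instance ID}",
                           "{bearerToken}", body, send=fake_send_factory())
    print("replicated", app["clientId"], "as Anypoint app id", app["id"])
```

diff_client_apps is also the function to run periodically against both systems: fetching the Okta app and the Exchange app and comparing them catches a consumer who rotated a secret or added a grant type on one side only.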
Conclusion
As shown above, we are able to sync client web applications from Okta with Anypoint Platform. Until a client provider integration is in place, the two systems have to be kept in sync manually. Here is how to make it work: whenever a new consumer (a system that calls the MuleSoft API) requests access, a client application must be created in both Okta and Anypoint Platform. The order matters: first create the client application in Okta, then replicate it in Anypoint Platform using its client_id and client_secret. Without the replica, Anypoint Platform has no record of that client_id, so the policy on the API cannot validate it.
Author
Ashish Pardhi, MuleSoft Mentor at Apisero
Mulesoft mentor /speaker/ architect & Leader at Accenture in India
2 years ago: I believe if we need to integrate Okta with AP, use a mediator service with Okta APIs so that instead of creating it manually, we can have it automated.
Practice Lead - MuleSoft | MuleSoft Ambassador | YouTuber @ Mule Ace Academy
2 years ago: Thanks Sabrina Hockett for sharing this news.