Thursday, August 23, 2018

Mule 4 - Retrieve client id from an API with client ID enforcement policy


This article describes how one could retrieve the client_id that is consuming an API protected by client ID enforcement policy in API Manager.

Assumptions:
1. The API is exposed from Anypoint Runtime - API Manager
2. The API policy is applied - Client ID enforcement

3. The client is has requested access to the API via exchange
4. The client is using Basic Authentication to login to the API with client id and secret key.

How it works:
Since the client application is using Basic Authentication to access Mulesoft API, we will always have the header value as below. This value is in a fixed format, which is username:password encoded with Base64.



Note: this is not a very secure method as anyone with basic understanding of authentication would be able to decode and decipher the information. As such, this should always be used together with SSL to avoid unauthorized users from retrieving login information.

We can use Dataweave 2.0 to retrieve the header from attributes.headers.authorization.
Following that, Base64 decode the value and split the value to extract the client id.

Example of Dataweave which sets the payload to be the extracted client id:

%dw 2.0
import * from dw::core::Binaries
output application/java
---
(fromBase64((attributes.headers.authorization replace "Basic " with "")) splitBy(":"))[0] default ""

4 comments:

goformule said...

Very informative post for mulesoft developers.You can also visit goformule.com for mulesoft stuff.

Priya said...

Reading this article is useful for everyone. Thanks for posting this wonderful article.
Mulesoft Online Training
Mulesoft Training in Hyderabad

svrtechnologies said...

Thanks for Sharing such an useful and informative stuff...


mulesoft 4 training

Peter Johnson said...

This is really great informative blog. Keep sharing. top 10 micronutrients company in india

Related Posts Plugin for WordPress, Blogger...