Last active
April 15, 2016 20:34
id: client-id-enforcement
name: Client ID enforcement
supportedPoliciesVersions: ['v1', 'v2', 'v3', 'v4', 'v5', 'v6', 'v7', 'v8']
description: |
  All calls to the API must include a client ID and client secret for an application that is registered to use the API.
  This policy will require updates to the RAML definition in order to function. You can obtain the RAML snippet and learn more [here](https://docs.mulesoft.com/anypoint-platform-for-apis/client-id-based-policies).
category: Compliance
type: system
standalone: true
requiresConnectivity: false
providedCharacteristics:
  - Client ID required
requiredCharacteristics: []
configuration:
  - propertyName: credentialsOrigin
    name: Credentials origin
    options:
      - name: HTTP Authorization Header.
        value: httpAuthorizationHeader
      - name: Custom Expression
        value: customExpression
    description: Origin of the Client ID and Client Secret credentials.
    type: radio
    defaultValue: customExpression
    optional: false
    sensitive: false
    allowMultiple: false
  - propertyName: clientIdExpression
    name: Client ID Expression
    description: Mule Expression to be used to extract the Client ID from API requests
    type: expression
    defaultValue: "#[message.inboundProperties['http.query.params']['client_id']]"
    optional: false
    sensitive: false
    allowMultiple: false
    renderKey: credentialsOrigin
    renderValue: customExpression
  - propertyName: clientSecretExpression
    name: Client Secret Expression
    description: Mule Expression to be used to extract the Client Secret from API requests
    type: expression
    # The default reads the secret from the query string, so it is part of the
    # request URL and is recorded wherever URLs are logged; the
    # httpAuthorizationHeader origin above keeps it out of the URL.
    defaultValue: "#[message.inboundProperties['http.query.params']['client_secret']]"
    optional: true
    sensitive: false
    allowMultiple: false
    renderKey: credentialsOrigin
    renderValue: customExpression
ramlSnippet: |
  Client ID based policies by default expect to obtain the client ID and secret as query parameters. To enforce this in the API definition, a trait can be defined in RAML as shown below.
  ```
  traits:
    - client-id-required:
        queryParameters:
          client_id:
            type: string
          client_secret:
            type: string
  ```
  This trait must then be applied to the resource or methods using the `is` RAML attribute.
  ```
  /products:
    get:
      is: [client-id-required]
      description: Gets a list of all the inventory products.
  ```
  Please read the [Applying Resource Types and Traits](https://github.com/raml-org/raml-spec/blob/master/raml-0.8.md#resource-types-and-traits) section of the RAML documentation for more information.