  • TIBCO Mashery® OAuth2 client and server samples

    Deepesh Tiwari

    Table of Contents

    • About these samples
    • Content
    • What you will use
    • Prerequisites
    • Accessing content
    • Running samples
    • Client
    • Server

    About these samples


    This is a simple set of applications written in Node.js Express that demonstrates API Management with end-user, OAuth2-based security in TIBCO Mashery. The client sample plays the role of the web/mobile application that needs to consume OAuth2-protected resources hosted on TIBCO Mashery, whereas the server sample acts as an OAuth2 Authorization Server and leverages the Mashery OAuth2 API (also called the OAuth2 Accelerator).

    Note that only the authorization code grant is illustrated, although TIBCO Mashery also supports the three other grant types.

    Finally, bear in mind that this is illustrative code and that as such there is probably a lot of room for improvement. Feel free to contribute!
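
The client's side of the authorization code grant mentioned above, as an added example that is not code from the mashery-oauth-demo repository: it builds the authorization request with a per-session `state` value and rejects callbacks whose `state` is missing, wrong or replayed before preparing the token request. The endpoint URLs, client ID, `session` object and function names are hypothetical.

```javascript
const crypto = require('crypto');

// Constructed placeholder values (assumptions), not taken from the repository.
const config = {
  authorizeUrl: 'https://auth.example.test/authorize', // Authorization Server
  clientId: 'example-client-id',
  redirectUri: 'https://client.example.test/callback',
};

// Step 1: send the browser to the Authorization Server.
// `state` is an unguessable value stored in the user's session so that the
// callback can be tied to this browser (CSRF protection, RFC 6749 s. 10.12).
function buildAuthorizationRequest(cfg, session) {
  session.oauthState = crypto.randomBytes(32).toString('hex');
  const url = new URL(cfg.authorizeUrl);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('client_id', cfg.clientId);
  url.searchParams.set('redirect_uri', cfg.redirectUri);
  url.searchParams.set('state', session.oauthState);
  return url.toString();
}

// Step 2: the Authorization Server redirects back with ?code=...&state=...
// Returns the form body of the token request, or throws when the callback
// must be rejected. The stored state is single-use and is cleared first.
function handleCallback(cfg, session, callbackUrl) {
  const params = new URL(callbackUrl).searchParams;
  const want = Buffer.from(session.oauthState || '');
  delete session.oauthState;
  const got = Buffer.from(params.get('state') || '');
  if (want.length === 0 || got.length !== want.length ||
      !crypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch');
  }
  if (params.has('error')) {
    throw new Error('authorization failed: ' + params.get('error'));
  }
  const code = params.get('code');
  if (!code) throw new Error('missing authorization code');
  // Step 3: exchange the code server-to-server. redirect_uri must equal the
  // one sent in step 1; client authentication is added when the request is sent.
  return new URLSearchParams({
    grant_type: 'authorization_code',
    code,
    redirect_uri: cfg.redirectUri,
  }).toString();
}
```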

    What you will use

    • TIBCO Mashery®
    • Node.js Express
    • Git and GitHub


    Know-how prerequisites

    OAuth2 is not extremely complicated but if you are new to the subject, it may feel a bit overwhelming and some time will be required for it to sink in. A lot of good material is available to get started:

    There is also a series of community articles written by TIBCO's excellent Andy Hampshire. They give a lot more details about how TIBCO Mashery supports OAuth2 (including a lot of the background required to understand how the server part of the code works) and how to configure your APIs in the Mashery Command Centre to accept OAuth2:

    Material prerequisites

    The samples rely on Node.js Express. As a result, you will need to set up a basic environment to run Node.js:

    • Node.js
    • npm, the node package manager,
    • Git.

    Mozilla.org has a very comprehensive tutorial on how to set up Node.js and npm. Node.js being a broad subject, I would advise using these samples only once you have acquired the Node.js basics.

    In order to use the samples, you will need:

    • a running, OAuth2-enabled instance on which you have administration rights - note that some trial instances do not come with OAuth2 enabled,
    • an API key to invoke TIBCO Mashery's own API. This can be procured by registering on the developer.mashery.com website. It will be sent with a secret value, which will also be required,
    • the Site ID of your Mashery instance, which can be procured from TIBCO Support.

    Finally, you will need to select one of your TIBCO Mashery API Definitions to be the OAuth2 target private resource and make a note of its Service ID. This is fairly easy to do, as this ID is part of the URL when you edit an API Definition in Mashery Control Centre (it will show as https://yourdomain.admin.mashery.com/control-center/api-definitions/Serv...). This API (and its endpoints) will need to be configured in TIBCO Mashery Command Centre for use with OAuth2. Please refer to Andy Hampshire's tutorial for guidance.

    Accessing content

    All the content has been made available from a GitHub repository named mashery-oauth-demo, ensuring that you always access the latest version.

    You will need to clone the repository locally on your computer. GitHub has documentation for that.

    Running samples

    All the preliminary configuration, as well as the instructions to run both samples, is detailed in the repository README.


    Here are a few illustrations of the Client UI, which is very basic, but could easily be customised.





    Here are a few illustrations of the Server UI, which is also very basic, but could easily be customised.


