Azure API Management - REST API end points for Authorization Code

1
votes

I have configured OAuth 2.0 security for Azure API Management and had done the required setup for the authentication flow (reference - https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad).

I am able to test the Authorization code generation and successful token validation from API Management Developer console.

But I need to integrate this solution with client application through REST API. Here I am facing issues figuring out what are the API endpoints to be called to generate the Authorization Code to use as Authorization header for API Management APIs.

Please share REST API endpoints and headers details to be passed to generate OAuth 2.0 authorization code API Management.

Thanks, Narasimha

1
azure-active-directoryazure-api-management

1 Answers

0
votes

APIM integration with OAuth via registration of authorization server is purely for documentation. Service itself at runtime will not use this token in any way, it's only to identify that your APIs require such token.

There is nothing special in how APIM handles OAuth, to understand how OAuth works start here: https://tools.ietf.org/html/rfc6749.

Possibly the simplest flow to implement support for OAuth is implicit flow, if you configured one with APIM, then you can even use browser's developer console or Fiddler or similar tool to inspect HTTP requests performed, to see how it works. Other flows require server-side support and you will not be able to inspect them that easily.