locked
Configure OAuth for target API in Azure API Management Portal RRS feed

  • Question

  • I want to use Azure API Manager to be the proxy for another API I have. However, that other API requires OAuth token (generated by Azure AD login). Is there any way to configure this in API Management portal so that end user doesn't need to pass Authorization header with Bearer token?

    Jatin Patel

    Tuesday, April 19, 2016 1:01 AM

All replies

  • Hello Jatin,

    Thank you for posting here!

    In API management, the bearer token is used for security for authorization. SO, as per my understanding the end user needs to pass Authorization header with Bearer token.

    We are researching more on this query and will get back to you with an update.

    Regards,

    Tuesday, April 19, 2016 12:36 PM
  • You can use send-request policies in APIM to obtain the OAuth token from Azure AD. Then use the Set-header policy to set it in the request going to your backend. 
    • Proposed as answer by Swikruti Bose Thursday, April 28, 2016 8:59 AM
    Thursday, April 21, 2016 8:56 PM
  • Its not clear to me what parameters would need to be set in send-request to get Azure AD JWT token. It would be great if you can point me to some reference code doing similar request.

    Wondering if Azure APIM is planning to support a call equivalent to Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireToken() to acquire Azure AD JWT token? Link below describes how to use validate-jwt to validate token. It would be nice to have something like acquire-jwt.

    https://azure.microsoft.com/en-us/documentation/articles/api-management-sample-send-request/


    Jatin Patel

    Friday, May 20, 2016 7:52 PM