Securing an API using OpenID Connect from Azure APIM: Part 1, Register an application in Azure AD to represent the API

Introduction

Configuring OpenID Connect for the APIs you host in Azure API Management adds an authentication layer in front of your endpoints: once the JWT validation policy from Part 4 is in place, requests that do not carry a valid token issued by Azure AD are rejected before they reach your backend. This is an important configuration from a security point of view and is provided out of the box by Azure. This is the first part of a series of posts on securing an API with OpenID Connect in Azure API Management. Please go through all the parts for easy and detailed steps that will help you configure OpenID Connect authentication.

Note: This post demonstrates the steps to configure and test OpenID Connect authentication with the developer portal (legacy). The steps for the current developer portal are similar, but it is worth noting that the developer portal currently only supports the implicit grant and might give you a 401 error. Keep in mind that the implicit grant returns tokens in the URL fragment and is discouraged by the OAuth 2.0 Security Best Current Practice; enable it only for the portal test flow described here and prefer the authorization code flow (with PKCE) for real clients.

Register an application in Azure AD to represent the API

1. Go to the Azure portal to register your application. Search for and select App registrations.

2. Select New registration.

3. When the Register an application page appears, enter your application’s registration information:

o In the Name section, enter a meaningful application name that will be displayed to users of the app, such as “Test_OIDC”.

o In the Supported account types section, select the option your scenario requires. This series uses the multi-tenant option (accounts in any organizational directory). Be aware that a multi-tenant registration lets users from any Azure AD tenant sign in, so the token validation you configure later (Part 4) must restrict the accepted issuer (tenant); otherwise the API accepts tokens from any tenant.

4. In the Redirect URI section, select Web and enter the URL of the Azure APIM developer portal (legacy). Azure AD only returns tokens to a redirect URI that exactly matches an entry registered here, and the URI must use https.

5. Select Register to create the application.

6. On the app Overview page, find the Application (client) ID value and record it for later; it is the Client ID you will enter when configuring the OpenID Connect provider in API Management.

7. Under Authentication, enable the OAuth 2.0 implicit grant (tick ID tokens, and Access tokens if the API will be called with an access token) so that the legacy developer portal's implicit flow can obtain tokens.

Now, create a client secret for this application to use in a subsequent step.

1. From the list of pages for your client app, select Certificates & secrets, and select New client secret.

2. Under Add a client secret, provide a Description, choose the shortest expiry that suits your rotation schedule, and select Add. Copy the secret Value immediately: it is shown only once and cannot be retrieved later. Store it in Azure Key Vault or as a secret named value in API Management rather than in code or configuration files.

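The registration and client-secret steps above, as an added example that is not part of the original post: the same app registration done with the Azure CLI so it can be reviewed and repeated instead of clicked through. The display name Test_OIDC is the one used in the post; the developer portal URL https://contoso.portal.azure-api.net/ is a placeholder (use the legacy portal URL your API Management instance shows). By default the script only prints the az commands it would run; set APPLY=1 after `az login` to execute them.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): register the Azure AD app that
# represents the API with the Azure CLI instead of the portal.
# Assumptions: "Test_OIDC" and https://contoso.portal.azure-api.net/ are
# placeholders; substitute your own name and legacy developer portal URL.
# APPLY=1 runs the az commands (after `az login`); otherwise they are printed
# only, so the script can be checked without touching a tenant.
set -eu

run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Azure AD accepts https redirect URIs for web apps (plus http://localhost for
# development). Reject anything else before it reaches the tenant: with the
# implicit grant the tokens travel in the URL fragment, so a plain-http
# redirect would hand them to anyone on the network path.
check_redirect_uri() {
  case "$1" in
    https://*) return 0 ;;
    http://localhost|http://localhost:*|http://localhost/*) return 0 ;;
    *) return 1 ;;
  esac
}

# Steps 1-7 of the post: multi-tenant web app, redirect URI of the legacy
# developer portal, implicit grant enabled for ID and access tokens.
# Prints the Application (client) ID when APPLY=1.
register_api_app() {
  local name="$1" redirect_uri="$2"
  if ! check_redirect_uri "$redirect_uri"; then
    echo "refusing insecure redirect URI: $redirect_uri" >&2
    return 1
  fi
  run az ad app create \
    --display-name "$name" \
    --sign-in-audience AzureADMultipleOrgs \
    --web-redirect-uris "$redirect_uri" \
    --enable-id-token-issuance true \
    --enable-access-token-issuance true \
    --query appId -o tsv
}

# Client secret step: --append keeps existing credentials, the expiry is
# bounded by --years, and az prints the secret value exactly once, so the
# caller must capture it and store it in Key Vault or a secret named value
# in API Management rather than logging it.
create_client_secret() {
  local app_id="$1" years="${2:-1}"
  run az ad app credential reset \
    --id "$app_id" \
    --display-name "apim-oidc" \
    --years "$years" \
    --append \
    --query password -o tsv
}

if [ "${APPLY:-0}" = "1" ]; then
  APP_ID="$(register_api_app "Test_OIDC" "https://contoso.portal.azure-api.net/")"
  CLIENT_SECRET="$(create_client_secret "$APP_ID" 1)"
  echo "Application (client) ID: $APP_ID"
  echo "Client secret captured (${#CLIENT_SECRET} chars); store it in Key Vault, do not echo it."
else
  register_api_app "Test_OIDC" "https://contoso.portal.azure-api.net/"
  create_client_secret "<application-client-id>" 1
fi
```

The dry-run output is the exact command pair you would paste into a change ticket; the redirect-URI check is the one safeguard the portal also enforces, applied here before any network call.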
Links to all posts in this series

Part 1: Register an application in Azure AD to represent the API 

Part 2: Configure/Setup and Enable Open ID Connect in the Developer Console

Part 3: Successfully call the API from the developer portal (legacy) 

Part 4: Configure a JWT validation policy to pre-authorize requests 
