nks
Reputation: 13
Api Management Azure OAuth 2.0 without using AAD
Can we use OAuth 2.0 in Azure Api management without using AAD ? We have created our Authentication server for OAuth 2.0 implementation.
Upvotes: 0
Views: 277
Answers (2)
Darrel Miller
Reputation: 142014
If you build your client applications to talk directly to your OAuth2 server to obtain the JWT token, the API Management can validate that JWT Token before allowing access to your API. You can do this using the Validate-Jwt policy that looks like this if your OAuth server supports OpenId configuration:
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
<openid-config url="https://{Your OAuth Server}/.well-known/openid-configuration" />
<required-claims>
<claim name="id" match="all">
<value>insert claim here</value>
</claim>
</required-claims>
</validate-jwt>
More examples of how to use this policy can be found here
Upvotes: 2
Matt Farmer
Reputation: 271
Yes, there is no requirement to use AAD, any OAuth 2.0 server should work.
Upvotes: 1
Related Questions
- API Management Basic Authentication
- Azure API Management, single API accept AAD or subscription key
- Authenticate Azure API Management with OAuth2 using Azure AD
- Authenticate Against Azure API Management
- Azure API Management: Oauth2 with backend API
- Use Azure Api Management as a passthrough
- Access to API through Azure API Management without setting Ocp-Apim-Subscription-Key
- Authorisation with Azure API Management and oAuth2
- Azure API Management with OAuth2.0 and AAD?
- Azure API Management - OAuth server Token endpoint?