Reputation: 36
As the title suggests, I'm almost completely lost on how to properly set up OAuth 2.0 with an Azure function app which works with HTTP triggers.
The API I'm calling does not support implicit flow and only allows the Authorization Code Flow. My original plan was to follow this guide to get the proper token. But this Client Credential flow makes no use of a redirect URI.
I'm thinking I need to create an endpoint such as "https://{baseAddress}:{portNumber}/api/oauth/token" which can function as the redirect URI. Then I can store the token in a service and use it/refresh it when needed. But I'm concerned that the redirecting will disrupt the state of the application and not work properly.
Is there a demonstrated example of the Application Code Grant Flow with Azure Functions? I would very much appreciate some guidance/other resources.
Upvotes: 0
Views: 1715
Reputation: 2440
As suggested by @Anand Sowmithiran, here is the flow for using Azure function OAuth-based authorization and calling an external based API using a bearer token.
Here is the sample code for requesting an authorization code.
```
// Line breaks for legibility only
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&response_mode=query
&scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read%20api%3A%2F%2F
&state=12345
&code_challenge=YTFjNjI1OWYzMzA3MTI4ZDY2Njg5M2RkNmVjNDE5YmEyZGRhOGYyM2IzNjdmZWFhMTQ1ODg3NDcxY2Nl
&code_challenge_method=S256
```
For complete information you can check this document.
Upvotes: 1