Karduan-4265 asked PramodValavala-MSFT answered

Azure AD, APIM Authentication Methods and Issues

Hello All,
I have recently started working on a big project where I have a set of external APIs already running, let us say on example.com/api/, JWT based and built on Symfony. Now I am planning to create another set of APIs which would work under Azure APIM. I have some questions and confusions about what to choose and what the best option would be for the requirements listed below. I have gone through a lot of documentation but have been unable to find relevant answers.

1- Can I get a listing of all options for the authentication flow under Azure AD or APIM: sign-in, sign-out or auto sign-out/expiry/sign-up URLs and policy?
2- Custom authentication: is it possible that I can pass my example.com/api through APIM and also validate my own JWT token using the inbound policy inside APIM?
3- What other possible options for further authentication under Azure for RESTful and serverless services are available?

What I want to achieve:

1- Either have all APIs under the APIM gateway using OAuth client credentials. Already tested, and it worked fine.

2- Use my own authentication and authorization system for some business reason, besides point 1, but still have the token validated by APIM.

3- How can I make any external API or Azure-hosted custom API go through APIM and still keep control over customization of the security layer?

4- What is the best way to connect my mobile, desktop and web apps to get authorized from APIM, providing high security for users without consent, and make it work with internal APIs, external self-hosted APIs or even App Service based APIs?

Thanks


Tags: azure-api-management, azure-application-gateway, azure-ad-authentication-protocols, azure-managed-identity, azure-webapps-authentication

1 Answer

PramodValavala-MSFT answered

@Karduan-4265 Here are some insights, to the best of my knowledge and understanding of your scenario:

Can I get a listing of all options for the authentication flow under Azure AD or APIM: sign-in, sign-out or auto sign-out/expiry/sign-up URLs and policy?

Azure APIM itself doesn't really provide an authentication flow when making requests to the configured APIs. It can, however, authorize requests for APIs that use the validate-jwt policy. Most examples in the docs refer to setting this up with Azure AD, but you are free to use any OAuth 2.0 or OpenID Connect identity provider.

Custom authentication: is it possible that I can pass my example.com/api through APIM and also validate my own JWT token using the inbound policy inside APIM?

Yes. Unless you use the validate-jwt policy, the default is pass-through.

What other Possible Options for the Further Authentication Under Azure for the RESTful and Serverless Services are available

Azure APIM also supports using a subscription key, and another option would be client certificate authentication.
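As an added example (not part of the question or the answer above), the following inbound policy shows what the second scenario looks like in practice: APIM validates the caller's own JWT before forwarding the request to the existing backend. The discovery URL, issuer, audience, scope values and the shared-secret key are assumed placeholders, not values from the original post; replace them with those of your own identity provider.

```xml
<policies>
    <inbound>
        <base />
        <!-- Validate the caller's JWT before the request reaches the backend.
             Issuer, audience, discovery URL, claim values and key below are
             assumed placeholders for this example, not values from the post. -->
        <validate-jwt header-name="Authorization"
                      require-scheme="Bearer"
                      require-signed-tokens="true"
                      require-expiration-time="true"
                      clock-skew="60"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
            <!-- Option A: the provider exposes OpenID Connect discovery, so APIM
                 fetches the signing keys (JWKS) from it and rotates them for you. -->
            <openid-config url="https://example.com/.well-known/openid-configuration" />
            <!-- Option B: no discovery endpoint (for example an HS256 token minted by
                 your own Symfony service). Use this INSTEAD of openid-config and keep
                 the base64-encoded secret in a secret named value, never inline:
            <issuer-signing-keys>
                <key>{{jwt-signing-key}}</key>
            </issuer-signing-keys>
            -->
            <issuers>
                <issuer>https://example.com</issuer>
            </issuers>
            <audiences>
                <audience>example-api</audience>
            </audiences>
            <!-- Authorization beyond "is this a valid token": require at least one
                 of these scopes in the space-separated scope claim. -->
            <required-claims>
                <claim name="scope" match="any" separator=" ">
                    <value>orders.read</value>
                    <value>orders.write</value>
                </claim>
            </required-claims>
        </validate-jwt>
        <!-- Forward to the existing API. The Authorization header is left in place
             here because the backend is the same issuer; if the backend must not
             see the client token, add:
             <set-header name="Authorization" exists-action="delete" /> -->
        <set-backend-service base-url="https://example.com/api" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Two things to check when you deploy a policy like this. First, validate-jwt verifies signature, expiry, issuer, audience and the listed claims, but not revocation, so keep token lifetimes short if you rely on it as the only gate. Second, without any validate-jwt element the same policy is the pass-through default the answer describes: APIM forwards whatever token the client sent and the backend remains responsible for checking it. Subscription keys and client certificate checks mentioned above are separate policies and can be layered on top of this one.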

