question

NT-6523 avatar image
0 Votes"
NT-6523 asked MikeUrnun commented

OAuth 2.0 for Azure APIM API Client authentication

Hi,

I am trying to enable OAuth 2.0 for authenticating the clients that consume APIs on Azure APIM. Below is the Azure doc that I followed. But, the option for OAuth 2.0 does not show up in Developer Portal. Is there anything else to be done apart from what is described here?

https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-oauth2
https://techcommunity.microsoft.com/t5/azure-paas-blog/protect-api-s-using-oauth-2-0-in-apim/ba-p/2309538

Thanks
NT

azure-active-directoryazure-api-management
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @NT-6523 - Could you clarify which APIM pricing tier you're on? Consumption & Basic SKUs don't support OAuth integration. I would also try the Developer Portal in an Incognito mode of the browser, and sign in as a non-admin user.

0 Votes 0 ·

1 Answer

NT-6523 avatar image
0 Votes"
NT-6523 answered MikeUrnun commented

@MikeUrnun Thanks for the suggestions. I republished the developer portal and the option for OAuth 2.0 showed up un the developer portal now. But, the now it's throwing an error related to scope. Details below.

{"code":"Unauthorized","message":{"error":"invalid_scope","error_description":"AADSTS1002012: The provided value for scope default is not valid. Client credential flows must have a scope value with /.default suffixed to the resource identifier (application ID URI).\r\nTrace ID: 4ff6a498-f3f8-4f8d-9b10-26333a901300\r\nCorrelation ID: cdfb2d4e-1878-4414-925b-5f4e0bfeaec8\r\nTimestamp: 2021-12-16 17:44:34Z","error_codes":[1002012],"timestamp":"2021-12-16 17:44:34Z","trace_id":"4ff6a498-f3f8-4f8d-9b10-26333a901300","correlation_id":"cdfb2d4e-1878-4414-925b-5f4e0bfeaec8"}}

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@NT-6523 It seems like the grant type isn't configured and permission scope wasn't added to the AAD app: https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-oauth2#authorization-grant-types

0 Votes 0 ·

@NT-6523 Just checking in, were you able to resolve this issue?

0 Votes 0 ·