Authorization Server - Update

Service:

API Management

API Version:

2022-08-01

Updates the details of the authorization server specified by its identifier.

PATCH https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/authorizationServers/{authsid}?api-version=2022-08-01

URI Parameters

Name	In	Required	Type	Description
authsid	path	True	string	Identifier of the authorization server. Regex pattern: ^[^*#&+:<>?]+$
resourceGroupName	path	True	string	The name of the resource group. The name is case insensitive.
serviceName	path	True	string	The name of the API Management service. Regex pattern: ^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?$
subscriptionId	path	True	string	The ID of the target subscription.
api-version	query	True	string	The API version to use for this operation.

Request Header

Name	Required	Type	Description
If-Match	True	string	ETag of the Entity. ETag should match the current entity state from the header response of the GET request or it should be * for unconditional update.

Request Body

Name	Type	Description
properties.authorizationEndpoint	string	OAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2.
properties.authorizationMethods	AuthorizationMethod[]	HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional.
properties.bearerTokenSendingMethods	BearerTokenSendingMethod[]	Specifies the mechanism by which access token is passed to the API.
properties.clientAuthenticationMethod	ClientAuthenticationMethod[]	Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format.
properties.clientId	string	Client or app id registered with this authorization server.
properties.clientRegistrationEndpoint	string	Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced.
properties.clientSecret	string	Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value.
properties.defaultScope	string	Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values.
properties.description	string	Description of the authorization server. Can contain HTML formatting tags.
properties.displayName	string	User-friendly authorization server name.
properties.grantTypes	GrantType[]	Form of an authorization grant, which the client uses to request the access token.
properties.resourceOwnerPassword	string	Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password.
properties.resourceOwnerUsername	string	Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username.
properties.supportState	boolean	If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security.
properties.tokenBodyParameters	TokenBodyParameterContract[]	Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}.
properties.tokenEndpoint	string	OAuth token endpoint. Contains absolute URI to entity being referenced.
properties.useInApiDocumentation	boolean	If true, the authorization server will be used in the API documentation in the developer portal. False by default if no value is provided.
properties.useInTestConsole	boolean	If true, the authorization server may be used in the developer portal test console. True by default if no value is provided.

Responses

Name	Type	Description
200 OK	AuthorizationServerContract	The authorization server settings were successfully updated. Headers ETag: string
Other Status Codes	ErrorResponse	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

ApiManagementUpdateAuthorizationServer

Sample request

HTTP

PATCH https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/authorizationServers/newauthServer?api-version=2022-08-01


{
  "properties": {
    "clientId": "update",
    "clientSecret": "updated",
    "useInTestConsole": false,
    "useInApiDocumentation": true
  }
}

Java

import com.azure.resourcemanager.apimanagement.models.AuthorizationServerContract;

/** Samples for AuthorizationServer Update. */
public final class Main {
    /*
     * x-ms-original-file: specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementUpdateAuthorizationServer.json
     */
    /**
     * Sample code: ApiManagementUpdateAuthorizationServer.
     *
     * @param manager Entry point to ApiManagementManager.
     */
    public static void apiManagementUpdateAuthorizationServer(
        com.azure.resourcemanager.apimanagement.ApiManagementManager manager) {
        AuthorizationServerContract resource =
            manager
                .authorizationServers()
                .getWithResponse("rg1", "apimService1", "newauthServer", com.azure.core.util.Context.NONE)
                .getValue();
        resource
            .update()
            .withUseInTestConsole(false)
            .withUseInApiDocumentation(true)
            .withClientId("update")
            .withClientSecret("updated")
            .withIfMatch("*")
            .apply();
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from typing import Any, IO, Union

from azure.identity import DefaultAzureCredential

from azure.mgmt.apimanagement import ApiManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-apimanagement
# USAGE
    python api_management_update_authorization_server.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ApiManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )

    response = client.authorization_server.update(
        resource_group_name="rg1",
        service_name="apimService1",
        authsid="newauthServer",
        if_match="*",
        parameters={
            "properties": {
                "clientId": "update",
                "clientSecret": "updated",
                "useInApiDocumentation": True,
                "useInTestConsole": False,
            }
        },
    )
    print(response)


# x-ms-original-file: specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementUpdateAuthorizationServer.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armapimanagement_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement/v2"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/4cd95123fb961c68740565a1efcaa5e43bd35802/specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementUpdateAuthorizationServer.json
func ExampleAuthorizationServerClient_Update() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armapimanagement.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAuthorizationServerClient().Update(ctx, "rg1", "apimService1", "newauthServer", "*", armapimanagement.AuthorizationServerUpdateContract{
		Properties: &armapimanagement.AuthorizationServerUpdateContractProperties{
			ClientID:              to.Ptr("update"),
			ClientSecret:          to.Ptr("updated"),
			UseInAPIDocumentation: to.Ptr(true),
			UseInTestConsole:      to.Ptr(false),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.AuthorizationServerContract = armapimanagement.AuthorizationServerContract{
	// 	Name: to.Ptr("newauthServer"),
	// 	Type: to.Ptr("Microsoft.ApiManagement/service/authorizationServers"),
	// 	ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/authorizationServers/newauthServer"),
	// 	Properties: &armapimanagement.AuthorizationServerContractProperties{
	// 		Description: to.Ptr("test server"),
	// 		AuthorizationMethods: []*armapimanagement.AuthorizationMethod{
	// 			to.Ptr(armapimanagement.AuthorizationMethodGET)},
	// 			BearerTokenSendingMethods: []*armapimanagement.BearerTokenSendingMethod{
	// 				to.Ptr(armapimanagement.BearerTokenSendingMethodAuthorizationHeader)},
	// 				ClientAuthenticationMethod: []*armapimanagement.ClientAuthenticationMethod{
	// 					to.Ptr(armapimanagement.ClientAuthenticationMethodBasic)},
	// 					DefaultScope: to.Ptr("read write"),
	// 					ResourceOwnerPassword: to.Ptr("pwd"),
	// 					ResourceOwnerUsername: to.Ptr("un"),
	// 					SupportState: to.Ptr(true),
	// 					TokenEndpoint: to.Ptr("https://www.contoso.com/oauth2/token"),
	// 					AuthorizationEndpoint: to.Ptr("https://www.contoso.com/oauth2/auth"),
	// 					ClientID: to.Ptr("updated"),
	// 					ClientRegistrationEndpoint: to.Ptr("https://www.contoso.com/apps"),
	// 					DisplayName: to.Ptr("test3"),
	// 					GrantTypes: []*armapimanagement.GrantType{
	// 						to.Ptr(armapimanagement.GrantTypeAuthorizationCode),
	// 						to.Ptr(armapimanagement.GrantTypeImplicit)},
	// 						UseInAPIDocumentation: to.Ptr(true),
	// 						UseInTestConsole: to.Ptr(false),
	// 					},
	// 				}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ApiManagementClient } = require("@azure/arm-apimanagement");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Updates the details of the authorization server specified by its identifier.
 *
 * @summary Updates the details of the authorization server specified by its identifier.
 * x-ms-original-file: specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementUpdateAuthorizationServer.json
 */
async function apiManagementUpdateAuthorizationServer() {
  const subscriptionId = process.env["APIMANAGEMENT_SUBSCRIPTION_ID"] || "subid";
  const resourceGroupName = process.env["APIMANAGEMENT_RESOURCE_GROUP"] || "rg1";
  const serviceName = "apimService1";
  const authsid = "newauthServer";
  const ifMatch = "*";
  const parameters = {
    clientId: "update",
    clientSecret: "updated",
    useInApiDocumentation: true,
    useInTestConsole: false,
  };
  const credential = new DefaultAzureCredential();
  const client = new ApiManagementClient(credential, subscriptionId);
  const result = await client.authorizationServer.update(
    resourceGroupName,
    serviceName,
    authsid,
    ifMatch,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ApiManagement.Models;
using Azure.ResourceManager.ApiManagement;

// Generated from example definition: specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementUpdateAuthorizationServer.json
// this example is just showing the usage of "AuthorizationServer_Update" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this ApiManagementAuthorizationServerResource created on azure
// for more information of creating ApiManagementAuthorizationServerResource, please refer to the document of ApiManagementAuthorizationServerResource
string subscriptionId = "subid";
string resourceGroupName = "rg1";
string serviceName = "apimService1";
string authsid = "newauthServer";
ResourceIdentifier apiManagementAuthorizationServerResourceId = ApiManagementAuthorizationServerResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, serviceName, authsid);
ApiManagementAuthorizationServerResource apiManagementAuthorizationServer = client.GetApiManagementAuthorizationServerResource(apiManagementAuthorizationServerResourceId);

// invoke the operation
ETag ifMatch = new ETag("*");
ApiManagementAuthorizationServerPatch patch = new ApiManagementAuthorizationServerPatch()
{
    UseInTestConsole = false,
    UseInApiDocumentation = true,
    ClientId = "update",
    ClientSecret = "updated",
};
ApiManagementAuthorizationServerResource result = await apiManagementAuthorizationServer.UpdateAsync(ifMatch, patch);

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ApiManagementAuthorizationServerData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:

200

{
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/authorizationServers/newauthServer",
  "type": "Microsoft.ApiManagement/service/authorizationServers",
  "name": "newauthServer",
  "properties": {
    "displayName": "test3",
    "useInTestConsole": false,
    "useInApiDocumentation": true,
    "description": "test server",
    "clientRegistrationEndpoint": "https://www.contoso.com/apps",
    "authorizationEndpoint": "https://www.contoso.com/oauth2/auth",
    "authorizationMethods": [
      "GET"
    ],
    "clientAuthenticationMethod": [
      "Basic"
    ],
    "tokenEndpoint": "https://www.contoso.com/oauth2/token",
    "supportState": true,
    "defaultScope": "read write",
    "grantTypes": [
      "authorizationCode",
      "implicit"
    ],
    "bearerTokenSendingMethods": [
      "authorizationHeader"
    ],
    "clientId": "updated",
    "resourceOwnerUsername": "un",
    "resourceOwnerPassword": "pwd"
  }
}

Definitions

Name	Description
AuthorizationMethod	HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional.
AuthorizationServerContract	External OAuth authorization server settings.
AuthorizationServerUpdateContract	External OAuth authorization server settings.
BearerTokenSendingMethod	Specifies the mechanism by which access token is passed to the API.
ClientAuthenticationMethod	Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format.
ErrorFieldContract	Error Field contract.
ErrorResponse	Error Response.
GrantType	Form of an authorization grant, which the client uses to request the access token.
TokenBodyParameterContract	OAuth acquire token request body parameter (www-url-form-encoded).

AuthorizationMethod

HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional.

Name	Type	Description
DELETE	string
GET	string
HEAD	string
OPTIONS	string
PATCH	string
POST	string
PUT	string
TRACE	string

AuthorizationServerContract

External OAuth authorization server settings.

Name	Type	Description
id	string	Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
name	string	The name of the resource
properties.authorizationEndpoint	string	OAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2.
properties.authorizationMethods	AuthorizationMethod[]	HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional.
properties.bearerTokenSendingMethods	BearerTokenSendingMethod[]	Specifies the mechanism by which access token is passed to the API.
properties.clientAuthenticationMethod	ClientAuthenticationMethod[]	Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format.
properties.clientId	string	Client or app id registered with this authorization server.
properties.clientRegistrationEndpoint	string	Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced.
properties.clientSecret	string	Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value.
properties.defaultScope	string	Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values.
properties.description	string	Description of the authorization server. Can contain HTML formatting tags.
properties.displayName	string	User-friendly authorization server name.
properties.grantTypes	GrantType[]	Form of an authorization grant, which the client uses to request the access token.
properties.resourceOwnerPassword	string	Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password.
properties.resourceOwnerUsername	string	Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username.
properties.supportState	boolean	If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security.
properties.tokenBodyParameters	TokenBodyParameterContract[]	Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}.
properties.tokenEndpoint	string	OAuth token endpoint. Contains absolute URI to entity being referenced.
properties.useInApiDocumentation	boolean	If true, the authorization server will be used in the API documentation in the developer portal. False by default if no value is provided.
properties.useInTestConsole	boolean	If true, the authorization server may be used in the developer portal test console. True by default if no value is provided.
type	string	The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

AuthorizationServerUpdateContract

External OAuth authorization server settings.

Name	Type	Description
id	string	Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
name	string	The name of the resource
properties.authorizationEndpoint	string	OAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2.
properties.authorizationMethods	AuthorizationMethod[]	HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional.
properties.bearerTokenSendingMethods	BearerTokenSendingMethod[]	Specifies the mechanism by which access token is passed to the API.
properties.clientAuthenticationMethod	ClientAuthenticationMethod[]	Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format.
properties.clientId	string	Client or app id registered with this authorization server.
properties.clientRegistrationEndpoint	string	Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced.
properties.clientSecret	string	Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value.
properties.defaultScope	string	Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values.
properties.description	string	Description of the authorization server. Can contain HTML formatting tags.
properties.displayName	string	User-friendly authorization server name.
properties.grantTypes	GrantType[]	Form of an authorization grant, which the client uses to request the access token.
properties.resourceOwnerPassword	string	Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password.
properties.resourceOwnerUsername	string	Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username.
properties.supportState	boolean	If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security.
properties.tokenBodyParameters	TokenBodyParameterContract[]	Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}.
properties.tokenEndpoint	string	OAuth token endpoint. Contains absolute URI to entity being referenced.
properties.useInApiDocumentation	boolean	If true, the authorization server will be used in the API documentation in the developer portal. False by default if no value is provided.
properties.useInTestConsole	boolean	If true, the authorization server may be used in the developer portal test console. True by default if no value is provided.
type	string	The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

BearerTokenSendingMethod

Specifies the mechanism by which access token is passed to the API.

Name	Type	Description
authorizationHeader	string
query	string

ClientAuthenticationMethod

Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format.

Name	Type	Description
Basic	string	Basic Client Authentication method.
Body	string	Body based Authentication method.

ErrorFieldContract

Error Field contract.

Name	Type	Description
code	string	Property level error code.
message	string	Human-readable representation of property-level error.
target	string	Property name.

ErrorResponse

Error Response.

Name	Type	Description
error.code	string	Service-defined error code. This code serves as a sub-status for the HTTP error code specified in the response.
error.details	ErrorFieldContract[]	The list of invalid fields send in request, in case of validation error.
error.message	string	Human-readable representation of the error.

GrantType

Form of an authorization grant, which the client uses to request the access token.

Name	Type	Description
authorizationCode	string	Authorization Code Grant flow as described https://tools.ietf.org/html/rfc6749#section-4.1.
clientCredentials	string	Client Credentials Grant flow as described https://tools.ietf.org/html/rfc6749#section-4.4.
implicit	string	Implicit Code Grant flow as described https://tools.ietf.org/html/rfc6749#section-4.2.
resourceOwnerPassword	string	Resource Owner Password Grant flow as described https://tools.ietf.org/html/rfc6749#section-4.3.

TokenBodyParameterContract

OAuth acquire token request body parameter (www-url-form-encoded).

Name	Type	Description
name	string	body parameter name.
value	string	body parameter value.