How to secure OAuth2 (v2) endpoints

_Omar_ 0 Reputation points
2024-07-04T00:11:36.08+00:00

We are working on deploying OAuth2 with Entra ID endpoints; by default these endpoints are accessible from the public internet. For security reasons, we need the traffic to these private endpoints to traverse the Microsoft backbone network without ever touching the public internet. Is there a way to do this?

We already have a VPN and ExpressRoute from our on-premises infrastructure to our Azure tenant.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

2 answers

  1. Sandeep Kumar 20 Reputation points
    2024-07-04T04:40:50.82+00:00

    The Open Authorization (OAuth) 2.0 is the industry protocol for authorization. It allows a user to grant limited access to its protected resources. Designed to work specifically with Hypertext Transfer Protocol (HTTP), OAuth separates the role of the client from the resource owner. The client requests access to the resources controlled by the resource owner and hosted by the resource server. The resource server issues access tokens with the approval of the resource owner. The client uses the access tokens to access the protected resources hosted by the resource server.

    OAuth 2.0 is directly related to OpenID Connect (OIDC). Since OIDC is an authentication and authorization layer built on top of OAuth 2.0, it isn't backward compatible with OAuth 1.0. Microsoft Entra ID supports all OAuth 2.0 flows.

    https://learn.microsoft.com/en-us/entra/architecture/auth-oauth2


  2. Raja Pothuraju 7,365 Reputation points Microsoft Vendor
    2024-07-09T14:36:37.14+00:00

    Hello @_Omar_ ,

    Thank you for posting your query on Microsoft Q&A.

    I understand that you're interested in deploying OAuth 2.0 with Entra ID endpoints to be accessible solely from a private network, without any interaction with the public internet. OAuth 2.0 is the protocol used for authenticating users to the registered application in Entra ID. Currently, Azure does not provide a tool or method to meet this requirement. Specifically, directing traffic to a private endpoint instead of the public internet is not supported at this time.

    Your feedback is valuable to us, and we encourage you to share it via our feedback channel at https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789, which is closely monitored by our product team.

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    Please Accept the answer if the information helped you. This will help us and others in the community as well.

    Thanks,
    Raja Pothuraju.

