Azure Request AD token based User/Group

Balakrishna Sudabathula 1 Reputation point
2021-10-28T17:18:25.61+00:00

I have a backend application registered in my organization, and we have so many clients consuming those APIs. We have also registered a client application and given it permissions to the backend API.

My Azure APIM API inbound policy expects a token and validates it before sending the request to the backend application.

As an API owner, we need to test my APIs which are published in Azure APIM. I have the following questions on this.

1) If the API owner wants to test the applications, how will they get a token?

2) Is it possible to give users/AD groups permissions to the backend APIs? If yes, how can we get the token without the client credentials?

Please help me understand how we can achieve this in Azure.


1 answer

  1. Ben Gimblett 3,410 Reputation points Microsoft Employee
    2023-05-15T15:52:28.5233333+00:00

    Hi, thanks for the question.

    For an overview of authentication/authorization in Az API Management, please see here.

    To your specific question: if I am understanding correctly, your backend is set up with OAuth and you use APIM to validate the JWT token on the way through.

    The developer portal test console can be configured to allow a user to obtain a JWT token (see here).

    You can do something similar if you prefer to use Postman (as an example of a popular HTTP testing tool).

    Note: If you are using the client credentials flow then you can't obtain a token without making the correct token request towards the OAuth provider with the correct data (client id, secret etc). This is explained in detail for AAD (Az Active Directory) here.

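When a test token from the developer portal or Postman is rejected by the gateway, it helps to look at what kind of token was actually issued. The following is an added example, not code from the question or the answer: it decodes a token's payload and reports whether it is a delegated (user) token or an app-only (client credentials) token, and whether its audience and expiry look right. It assumes the standard Microsoft Entra access-token claims `aud`, `exp`, `scp` and `roles`; the audience, scope, role names and sample tokens are constructed placeholders.

```python
import base64
import json
import time

BACKEND_AUD = "api://backend-api-placeholder"  # constructed; use your API's App ID URI
NOW = 1_700_000_000                            # fixed clock for the constructed samples


def make_sample_token(claims):
    """Build a constructed, unsigned JWT-shaped string for the demo below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT", "alg": "RS256"}), enc(claims), "constructed-sig"])


def read_claims(token):
    """Decode the payload WITHOUT verifying the signature (triage only, never authz)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)   # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def triage(token, expected_aud=BACKEND_AUD, now=None):
    """Return (kind, problems) describing how the gateway is likely to see this token."""
    claims = read_claims(token)
    now = time.time() if now is None else now
    problems = []
    if claims.get("aud") != expected_aud:
        problems.append("aud mismatch")
    if claims.get("exp", 0) <= now:
        problems.append("expired")
    if "scp" in claims:          # delegated permission: a user signed in
        kind = "delegated"
    elif "roles" in claims:      # application permission: client credentials flow
        kind = "app-only"
    else:
        kind = "unknown"
        problems.append("no scp or roles claim")
    return kind, problems


USER_TOKEN = make_sample_token({"aud": BACKEND_AUD, "exp": NOW + 3600,
                                "scp": "access_as_user", "roles": ["Api.Tester"]})
APP_TOKEN = make_sample_token({"aud": BACKEND_AUD, "exp": NOW + 3600, "roles": ["Api.Call"]})
STALE_TOKEN = make_sample_token({"aud": "api://some-other-api", "exp": NOW - 60})

if __name__ == "__main__":
    for name in ("USER_TOKEN", "APP_TOKEN", "STALE_TOKEN"):
        print(name, triage(globals()[name], now=NOW))
```

App roles assigned to users or groups appear in the `roles` claim of a delegated token alongside `scp`, which is why the check looks for `scp` first.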